This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.
Re: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.
- From: Florian Weimer <fweimer at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Wed, 09 Apr 2014 17:07:17 +0200
- Subject: Re: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.
On 04/09/2014 01:57 PM, Mark Wielaard wrote:
> + /* Check for unsigned overflow so malloc always allocated
> + enough memory for both the Elf_Data header and the
> + uncompressed section data. */
> + if (unlikely (sizeof (Elf_Data) + size < size))
> + break;
> +
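Review bot: The wraparound test in `if (unlikely (sizeof (Elf_Data) + size < size))` is only sound when the addition is carried out at the same width as the argument later passed to malloc, and the declaration of `size` is not visible in this hunk. If `size` has a type wider than `size_t` (for example a 64-bit word on a 32-bit host), the sum does not wrap in the wider type, the check passes, and the value is truncated at the malloc call, leaving the buffer smaller than the Elf_Data header plus the uncompressed data. Comparing against the limit directly, `if (unlikely (size > SIZE_MAX - sizeof (Elf_Data)))`, covers both cases and does not depend on the operand type. The comment would also read better as "malloc always allocates".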
Looks good to me.
--
Florian Weimer / Red Hat Product Security Team