This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
[PATCH] readelf: Check count fits and doesn't overflow fptr in handle_file_note.
- From: Mark Wielaard <mjw at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Tue, 09 Dec 2014 12:59:52 +0100
- Subject: [PATCH] readelf: Check count fits and doesn't overflow fptr in handle_file_note.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
src/ChangeLog | 5 +++++
src/readelf.c | 8 ++++++--
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index 4771dc9..456e5a4 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-09 Mark Wielaard <mjw@redhat.com>
+
+ * readelf.c (handle_file_note): Check count fits data section and
+ doesn't overflow fptr.
+
2014-12-08 Mark Wielaard <mjw@redhat.com>
* readelf.c (print_debug_exception_table): Report invalid data if
diff --git a/src/readelf.c b/src/readelf.c
index 1db54c6..c6d10f7 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -9017,9 +9017,13 @@ handle_file_note (Elf *core, GElf_Word descsz, GElf_Off desc_pos)
return;
}
+ size_t addrsize = gelf_fsize (core, ELF_T_ADDR, 1, EV_CURRENT);
+ uint64_t maxcount = (size_t) (end - ptr) / (3 * addrsize);
+ if (count > maxcount)
+ goto fail;
+
/* Where file names are stored. */
- unsigned char const *const fstart
- = ptr + 3 * count * gelf_fsize (core, ELF_T_ADDR, 1, EV_CURRENT);
+ unsigned char const *const fstart = ptr + 3 * count * addrsize;
char const *fptr = (char *) fstart;
printf (" %" PRId64 " files:\n", count);
--
1.8.3.1