This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.



[PATCH] libelf: Check index_size doesn't overflow in elf_getarsym.


Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
 libelf/ChangeLog      | 4 ++++
 libelf/elf_getarsym.c | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 7406509..fe210ab 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,5 +1,9 @@
 2014-12-15  Mark Wielaard  <mjw@redhat.com>
 
+	* elf_getarsym.c (elf_getarsym): Check index_size doesn't overflow.
+
+2014-12-15  Mark Wielaard  <mjw@redhat.com>
+
 	* elf_begin.c (read_long_names): Clear any garbage left in the
 	name table.
 
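Review bot: the new entry is followed by a second `2014-12-15  Mark Wielaard  <mjw@redhat.com>` header, so the file ends up with two consecutive headers for the same date and author. Put the `elf_getarsym.c` line under the existing header, next to the `elf_begin.c (read_long_names)` entry, and drop the repeated header.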
diff --git a/libelf/elf_getarsym.c b/libelf/elf_getarsym.c
index ba88aa0..40633aa 100644
--- a/libelf/elf_getarsym.c
+++ b/libelf/elf_getarsym.c
@@ -182,7 +182,8 @@ elf_getarsym (elf, ptr)
       tmpbuf[10] = '\0';
       size_t index_size = atol (tmpbuf);
 
-      if (SARMAG + sizeof (struct ar_hdr) + index_size > elf->maximum_size
+      if (index_size > elf->maximum_size
+	  || elf->maximum_size - index_size < SARMAG + sizeof (struct ar_hdr)
 #if SIZE_MAX <= 4294967295U
 	  || n >= SIZE_MAX / sizeof (Elf_Arsym)
 #endif
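Review bot: the subtraction in `elf->maximum_size - index_size < SARMAG + sizeof (struct ar_hdr)` is safe only because `index_size > elf->maximum_size` is tested first and short-circuits, and nothing in the code says so. A one-line comment stating that the comparison is written this way so the unsigned arithmetic cannot wrap would keep a later cleanup from reordering the clauses or folding them back into the additive form being removed here. Separately, `index_size` still comes from `atol (tmpbuf)` assigned to a `size_t`. A negative field converts to a very large value that the new first clause does reject, but a non-numeric field silently yields 0 and passes. Consider parsing with `strtoul` and checking the end pointer so a malformed size field is rejected explicitly.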
-- 
1.8.3.1

