This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.


On Wed, 2014-04-09 at 17:07 +0200, Florian Weimer wrote:
> On 04/09/2014 01:57 PM, Mark Wielaard wrote:
> 
> > +	    /* Check for unsigned overflow so malloc always allocated
> > +	       enough memory for both the Elf_Data header and the
> > +	       uncompressed section data.  */
> > +	    if (unlikely (sizeof (Elf_Data) + size < size))
> > +	      break;
> > +
> 
> Looks good to me.

Thanks for checking. I pushed it to master now.



Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]