This is the mail archive of the
mailing list for the elfutils project.
Re: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.
- From: Mark Wielaard <mjw at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Wed, 09 Apr 2014 23:10:47 +0200
On Wed, 2014-04-09 at 17:07 +0200, Florian Weimer wrote:
> On 04/09/2014 01:57 PM, Mark Wielaard wrote:
> > + /* Check for unsigned overflow so malloc always allocated
> > + enough memory for both the Elf_Data header and the
> > + uncompressed section data. */
> > + if (unlikely (sizeof (Elf_Data) + size < size))
> > + break;
> > +
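Review bot: The test `sizeof (Elf_Data) + size < size` only detects wraparound if `size` is an unsigned type of the same width as the `size_t` that malloc receives, and the hunk does not show its declaration. If `size` is wider than `size_t` (for example a 64-bit value on a 32-bit build), the sum would not wrap here but could still be truncated when it is passed to malloc. Writing the check as `size > SIZE_MAX - sizeof (Elf_Data)` states the bound directly and covers that case as well. Minor: in the comment, "always allocated" should read "always allocates", and since the failure path is a bare `break`, the comment could say what the caller sees when the section is skipped.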
> Looks good to me.
Thanks for checking. I pushed it to master now.