This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.
Re: [PATCH] readelf: Check count fits and doesn't overflow fptr in handle_file_note.
- From: Mark Wielaard <mjw at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Tue, 09 Dec 2014 13:19:29 +0100
- Subject: Re: [PATCH] readelf: Check count fits and doesn't overflow fptr in handle_file_note.
There is similar code in libdwfl. Make sure we don't overflow there too.
From 95673c9f3a5a64c8ca3a7cf2eb4a82ae6a14abc5 Mon Sep 17 00:00:00 2001
From: Mark Wielaard <mjw@redhat.com>
Date: Tue, 9 Dec 2014 13:16:23 +0100
Subject: [PATCH] libdwfl: Check file count overflow in handle_file_note.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
libdwfl/ChangeLog | 5 +++++
libdwfl/dwfl_segment_report_module.c | 4 ++++
2 files changed, 9 insertions(+)
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index b882f20..66e642f 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-09 Mark Wielaard <mjw@redhat.com>
+
+ * dwfl_segment_report_module.c (handle_file_note): Check count doesn't
+ overflow.
+
2014-12-07 Mark Wielaard <mjw@redhat.com>
* relocate.c (relocate_section): Sanity check section overlap against
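Review bot: The ChangeLog text "Check count doesn't overflow" undersells the check in dwfl_segment_report_module.c, which bounds count by the data remaining before end rather than only guarding the multiplication. Wording along the lines of "Check count fits in the remaining note data" would describe the added test more precisely.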
diff --git a/libdwfl/dwfl_segment_report_module.c b/libdwfl/dwfl_segment_report_module.c
index 827708e..898457f 100644
--- a/libdwfl/dwfl_segment_report_module.c
+++ b/libdwfl/dwfl_segment_report_module.c
@@ -158,6 +158,10 @@ handle_file_note (GElf_Addr module_start, GElf_Addr module_end,
if (! buf_read_ulong (ei_data, sz, &ptr, end, NULL)) // page_size
return NULL;
+ uint64_t maxcount = (size_t) (end - ptr) / (3 * sz);
+ if (count > maxcount)
+ return NULL;
+
/* Where file names are stored. */
const char *fptr = ptr + 3 * count * sz;
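Review bot: The new bound at `if (count > maxcount)` accepts `count == maxcount`, so when the remaining bytes are an exact multiple of `3 * sz` the following `fptr = ptr + 3 * count * sz` lands exactly on `end` and leaves no bytes for the file names. The code that reads names from `fptr` has to treat `fptr == end` as empty, or this check could also reject a nonzero count that leaves no room after the table. The `(size_t) (end - ptr)` cast relies on `buf_read_ulong` never leaving `ptr` past `end` on success, which is not visible in this hunk and deserves a one-line comment, together with a note that `maxcount` is the number of `3 * sz`-byte entries that fit in the remaining data. Mixing `uint64_t` for `maxcount` with a `size_t` cast is harmless for the comparison, but a single type would read more cleanly.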
--
1.8.3.1