This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
[PATCH 4/5] In mixed core notes, don't let handle_core_item repeat.
- From: Petr Machata <pmachata at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Mon, 24 Sep 2012 18:23:53 +0200
- Subject: [PATCH 4/5] In mixed core notes, don't let handle_core_item repeat.
If a core note contains both registers and items, descsz is 0 to express
that we don't wish to repeat the items. If there is only one item in
such note, a special block of code hits that passes &size to
handle_core_item, which will decrease that size by the amount consumed by
the item. But because size is 0, it underflows and wraps, and the loop
following this block, which handles the common case, overruns the core
note buffer.
Signed-off-by: Petr Machata <pmachata@redhat.com>
---
src/readelf.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/src/readelf.c b/src/readelf.c
index 2954e74..5d167eb 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -7699,7 +7699,11 @@ handle_core_items (Elf *core, const void *desc, size_t descsz,
if (nitems == 1)
{
size_t size = descsz;
- colno = handle_core_item (core, sorted_items[0], desc, colno, &size);
+ /* If this note contains registers as well as items, don't pass
+ &size to express that we don't wish to repeat. */
+ colno = handle_core_item (core, sorted_items[0], desc, colno,
+ size != 0 ? &size : NULL);
+
if (size == 0)
return colno;
desc += descsz - size;
--
1.7.6.5