[PATCH] readelf: Fix bounds check in print_form_data.
Mon Jun 11 15:52:00 GMT 2018
On Mon, 2018-06-11 at 02:18 +0200, Mark Wielaard wrote:
> The afl fuzzer found that we did a wrong check in print_form_data when
> comparing the remaining bytes in the buffer to an (unsigned) value read.
> We were casting the value to ptrdiff_t which is a signed value and so
> might turn a really big unsigned value into a negative number. Since we
> know the difference between readendp and readp is zero or greater, we
> should cast the pointer difference to size_t (an unsigned type) instead
> before comparing with the unsigned value.
Pushed to master
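The signed-cast pitfall described in the quoted message, shown as an added example that is not part of the original thread and is not elfutils code. The function names, the sample buffer and the length values are assumptions made for illustration; only `readp`, `readendp`, `ptrdiff_t` and `size_t` come from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample buffer standing in for the section data being read. */
static const unsigned char sample[16];

/* Hypothetical helpers: each returns 1 when a block of `len` bytes (a length
   read from untrusted input) is accepted as fitting between readp and
   readendp, 0 when it is rejected. Precondition: readp <= readendp. */

/* Flawed form: the unsigned length is cast to the signed ptrdiff_t. A huge
   value typically becomes negative on two's-complement targets (the
   conversion is implementation-defined), so it compares as "smaller" than
   the bytes remaining and the check lets it through. */
static int fits_signed_cast(const unsigned char *readp,
                            const unsigned char *readendp, uint64_t len)
{
    if ((ptrdiff_t) len > readendp - readp)
        return 0;
    return 1;
}

/* Corrected form: the pointer difference is known to be >= 0, so casting it
   to size_t loses nothing and the comparison is unsigned on both sides. */
static int fits_unsigned_cast(const unsigned char *readp,
                              const unsigned char *readendp, uint64_t len)
{
    if (len > (size_t) (readendp - readp))
        return 0;
    return 1;
}

int main(void)
{
    const unsigned char *readp = sample;
    const unsigned char *readendp = sample + sizeof sample;
    const uint64_t lens[] = { 8, 16, 17, UINT64_MAX };

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%llu signed-cast=%d unsigned-cast=%d\n",
               (unsigned long long) lens[i],
               fits_signed_cast(readp, readendp, lens[i]),
               fits_unsigned_cast(readp, readendp, lens[i]));
    return 0;
}
```

The two checks agree for small lengths and differ only once the value read exceeds what `ptrdiff_t` can represent, which is why this kind of bug tends to surface under fuzzing rather than with ordinary input files.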