* [PATCH] libelf: Check index_size doesn't overflow in elf_getarsym.
@ 2014-12-16 19:03 Mark Wielaard
From: Mark Wielaard @ 2014-12-16 19:03 UTC (permalink / raw)
To: elfutils-devel
Signed-off-by: Mark Wielaard <mjw@redhat.com>
---
libelf/ChangeLog | 4 ++++
libelf/elf_getarsym.c | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 7406509..fe210ab 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,5 +1,9 @@
2014-12-15 Mark Wielaard <mjw@redhat.com>
+ * elf_getarsym.c (elf_getarsym): Check index_size doesn't overflow.
+
+2014-12-15 Mark Wielaard <mjw@redhat.com>
+
* elf_begin.c (read_long_names): Clear any garbage left in the
name table.
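Review bot: The added header line "2014-12-15 Mark Wielaard <mjw@redhat.com>" repeats the date and author of the header already at the top of the file, so the result is two identical headers back to back. The new elf_getarsym.c entry could sit under the existing header next to the elf_begin.c entry. The entry text would also be more useful if it said what overflows: going by the elf_getarsym.c hunk, it is the sum SARMAG + sizeof (struct ar_hdr) + index_size that can wrap, not index_size on its own.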
diff --git a/libelf/elf_getarsym.c b/libelf/elf_getarsym.c
index ba88aa0..40633aa 100644
--- a/libelf/elf_getarsym.c
+++ b/libelf/elf_getarsym.c
@@ -182,7 +182,8 @@ elf_getarsym (elf, ptr)
tmpbuf[10] = '\0';
size_t index_size = atol (tmpbuf);
- if (SARMAG + sizeof (struct ar_hdr) + index_size > elf->maximum_size
+ if (index_size > elf->maximum_size
+ || elf->maximum_size - index_size < SARMAG + sizeof (struct ar_hdr)
#if SIZE_MAX <= 4294967295U
|| n >= SIZE_MAX / sizeof (Elf_Arsym)
#endif
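Review bot: The context line "size_t index_size = atol (tmpbuf);" still feeds the new check a value from atol, which reports no errors and whose behaviour is undefined when the result does not fit in a long. tmpbuf holds a 10-character field, which can exceed LONG_MAX where long is 32 bits, the same configuration the "#if SIZE_MAX <= 4294967295U" branch targets. The reordered comparison itself is sound: testing index_size > elf->maximum_size first guarantees that elf->maximum_size - index_size cannot wrap, and it also rejects a negative atol result that has become a very large size_t. Consider converting with strtoul (or strtol) and checking errno and the end pointer, so that a malformed size field is rejected explicitly rather than by relying on the bounds check, and add a one-line comment saying the test is written as a subtraction to avoid wraparound so it is not simplified back to the addition later.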
--
1.8.3.1