From: Roland McGrath
To: elfutils-devel@lists.fedorahosted.org
Subject: Re: out-of-bounds read / crash in elfutils tools (readelf, nm, ...) with malformed file
Date: Thu, 06 Nov 2014 10:25:43 -0800
Message-ID: <20141106182543.A7A5E2C3AC8@topped-with-meat.com>
In-Reply-To: 1415286703.19702.20.camel@bordewijk.wildebeest.org

> /* First see whether the information in the section header is
>    valid and it does not ask for too much. */
> if (unlikely (offset + size > elf->maximum_size))

This is not overflow-proof.
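The wraparound this reply points at, shown as an added example that is not part of the original message or of the elfutils source. It assumes `offset`, `size` and the maximum size are 64-bit unsigned values; the function names and sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper mirroring the quoted check: true means the range is
   accepted.  offset + size is computed modulo 2^64, so a very large size
   wraps the sum to a small number that passes the comparison.  */
static bool
range_ok_naive (uint64_t offset, uint64_t size, uint64_t maximum_size)
{
  return !(offset + size > maximum_size);
}

/* Hypothetical overflow-proof form: the sum is never formed.  Once
   offset <= maximum_size is known, maximum_size - offset cannot
   underflow, so the second comparison is exact.  */
static bool
range_ok_checked (uint64_t offset, uint64_t size, uint64_t maximum_size)
{
  return offset <= maximum_size && size <= maximum_size - offset;
}

int
main (void)
{
  /* Constructed values, not taken from any real file: a 4 KiB image and
     a section header whose size field is close to 2^64.  */
  const uint64_t maximum_size = 0x1000;
  const uint64_t offset = 0x100;
  const uint64_t huge_size = UINT64_MAX - 0xff; /* offset + size wraps to 0 */

  printf ("naive   accepts wrapped range: %d\n",
          (int) range_ok_naive (offset, huge_size, maximum_size));
  printf ("checked accepts wrapped range: %d\n",
          (int) range_ok_checked (offset, huge_size, maximum_size));
  printf ("checked accepts valid range:   %d\n",
          (int) range_ok_checked (offset, 0x200, maximum_size));
  return 0;
}
```

With narrower types (32-bit section headers) the same reasoning applies at 2^32.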