public inbox for elfutils@sourceware.org
 help / color / mirror / Atom feed
* [COMMITTED] libdwfl: Don't read beyond end of file in dwfl_segment_report_module
@ 2021-12-08 16:21 Mark Wielaard
  0 siblings, 0 replies; only message in thread
From: Mark Wielaard @ 2021-12-08 16:21 UTC (permalink / raw)
  To: elfutils-devel; +Cc: Evgeny Vereshchagin, Mark Wielaard

The ELF might not be fully mapped into memory (which probably means
the phdrs are bogus). Don't try to read beyond what we have in memory
already.

Reported-by: Evgeny Vereshchagin <evvers@ya.ru>
Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 libdwfl/ChangeLog                    | 5 +++++
 libdwfl/dwfl_segment_report_module.c | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index 57b2c494..b2a8752a 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,8 @@
+2021-12-08  Mark Wielaard  <mark@klomp.org>
+
+	* dwfl_segment_report_module.c (dwfl_segment_report_module): Don't
+	read beyond of (actual) end of (memory) file.
+
 2021-11-18  Matthias Maennich  <maennich@google.com>
 
 	* linux-kernel-modules.c (dwfl_linux_kernel_report_modules):
diff --git a/libdwfl/dwfl_segment_report_module.c b/libdwfl/dwfl_segment_report_module.c
index ee9cfa2e..f6a1799e 100644
--- a/libdwfl/dwfl_segment_report_module.c
+++ b/libdwfl/dwfl_segment_report_module.c
@@ -924,8 +924,12 @@ dwfl_segment_report_module (Dwfl *dwfl, int ndx, const char *name,
               GElf_Off offset = is32 ? p32[i].p_offset : p64[i].p_offset;
               GElf_Xword filesz = is32 ? p32[i].p_filesz : p64[i].p_filesz;
 
+              /* Don't try to read beyond the actual end of file.  */
+              if (offset >= file_trimmed_end)
+                continue;
+
               void *into = contents + offset;
-              size_t read_size = filesz;
+              size_t read_size = MIN (filesz, file_trimmed_end - offset);
               (*memory_callback) (dwfl, addr_segndx (dwfl, segment,
                                                      vaddr + bias, false),
                                   &into, &read_size, vaddr + bias, read_size,
-- 
2.18.4


^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2021-12-08 16:21 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-08 16:21 [COMMITTED] libdwfl: Don't read beyond end of file in dwfl_segment_report_module Mark Wielaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).