From mboxrd@z Thu Jan  1 00:00:00 1970
Content-Type: multipart/mixed; boundary="===============2528666358119566121=="
MIME-Version: 1.0
From: Florian Weimer <fweimer@redhat.com>
To: elfutils-devel@lists.fedorahosted.org
Subject: Re: [PATCH] CVE-2014-0172 Check for overflow before calling malloc to
 uncompress data.
Date: Wed, 09 Apr 2014 17:07:17 +0200
Message-ID: <53456225.4030903@redhat.com>
In-Reply-To: 1397044667-7814-1-git-send-email-mjw@redhat.com

--===============2528666358119566121==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

On 04/09/2014 01:57 PM, Mark Wielaard wrote:

> +	    /* Check for unsigned overflow so malloc always allocated
> +	       enough memory for both the Elf_Data header and the
> +	       uncompressed section data.  */
> +	    if (unlikely (sizeof (Elf_Data) + size < size))
> +	      break;
> +

Looks good to me.

-- =

Florian Weimer / Red Hat Product Security Team

--===============2528666358119566121==--