* [PATCH] libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread
@ 2021-12-23 22:19 Mark Wielaard
2022-01-03 23:38 ` Mark Wielaard
0 siblings, 1 reply; 2+ messages in thread
From: Mark Wielaard @ 2021-12-23 22:19 UTC (permalink / raw)
To: elfutils-devel; +Cc: Mark Wielaard
The callers of dwfl_elf_phdr_memory_callback assume at least minread
bytes are read and available. Make sure to check start is smaller than
elf->maximum_size before reading more. Return false if end - start is
smaller than minread.
Found by afl-fuzz.
Signed-off-by: Mark Wielaard <mark@klomp.org>
---
libdwfl/ChangeLog | 5 +++++
libdwfl/core-file.c | 6 +++++-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index abd5c34a..49a35e41 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,8 @@
+2021-12-23 Mark Wielaard <mark@klomp.org>
+
+ * core-file.c (dwfl_elf_phdr_memory_callback): Check start <
+ elf->maximum_size and end - start < minread.
+
2021-12-20 Mark Wielaard <mark@klomp.org>
* dwfl_segment_report_module.c (dwfl_segment_report_module): Move
diff --git a/libdwfl/core-file.c b/libdwfl/core-file.c
index b04d1d18..d5be771f 100644
--- a/libdwfl/core-file.c
+++ b/libdwfl/core-file.c
@@ -1,5 +1,6 @@
/* Core file handling.
Copyright (C) 2008-2010, 2013, 2015 Red Hat, Inc.
+ Copyright (C) 2011 Mark J. Wielaard <mark@klomp.org>
This file is part of elfutils.
This file is free software; you can redistribute it and/or modify
@@ -320,7 +321,7 @@ dwfl_elf_phdr_memory_callback (Dwfl *dwfl, int ndx,
(void) more (*buffer_available);
/* If it's already on hand anyway, use as much as there is. */
- if (elf->map_address != NULL)
+ if (elf->map_address != NULL && start < elf->maximum_size)
(void) more (elf->maximum_size - start);
/* Make sure we don't look past the end of the actual file,
@@ -332,6 +333,9 @@ dwfl_elf_phdr_memory_callback (Dwfl *dwfl, int ndx,
if (unlikely (start >= end))
return false;
+ if (end - start < minread)
+ return false;
+
if (elf->map_address != NULL)
{
void *contents = elf->map_address + elf->start_offset + start;
--
2.30.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread
2021-12-23 22:19 [PATCH] libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread Mark Wielaard
@ 2022-01-03 23:38 ` Mark Wielaard
0 siblings, 0 replies; 2+ messages in thread
From: Mark Wielaard @ 2022-01-03 23:38 UTC (permalink / raw)
To: elfutils-devel
On Thu, Dec 23, 2021 at 11:19:31PM +0100, Mark Wielaard wrote:
> The callers of dwfl_elf_phdr_memory_callback assume at least minread
> bytes are read and available. Make sure to check start is smaller than
> elf->maximum_size before reading more. Return false if end - start is
> smaller than minread.
>
> Found by afl-fuzz.
Pushed to master.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-01-03 23:38 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-23 22:19 [PATCH] libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread Mark Wielaard
2022-01-03 23:38 ` Mark Wielaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).