elflint: Make sure we can read a whole element when iterating over group.

Change the for loop so that we can always read a full element.

https://sourceware.org/bugzilla/show_bug.cgi?id=22892

Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/src/ChangeLog b/src/ChangeLog
index 0ae01e9267b9380f2f4061d2eafeb9e6c5b5500a..e73c615462fdf9b411ea622644e20ec770e19dd2 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2018-02-09  Mark Wielaard  <mark@klomp.org>
+
+       * elflint.c (check_group): Make sure we can read a complete
+       element when iterating over the group.
+
 2018-02-09  Mark Wielaard  <mark@klomp.org>
 
        * readelf.c (attr_callback): Handle DW_FORM_data16 as Dwarf_Block.

diff --git a/src/elflint.c b/src/elflint.c
index df1b3a03274fa8a5a0e2fbe6af07ab30646bd9f1..ebb0e4e086cb6aacc1ffda88b1041fe8d00c3460 100644 (file)
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -2713,7 +2713,7 @@ section [%2d] '%s': section group with only one member\n"),
        ERROR (gettext ("section [%2d] '%s': unknown section group flags\n"),
               idx, section_name (ebl, idx));
 
-      for (cnt = elsize; cnt < data->d_size; cnt += elsize)
+      for (cnt = elsize; cnt + elsize <= data->d_size; cnt += elsize)
        {
 #if ALLOW_UNALIGNED
          val = *((Elf32_Word *) ((char *) data->d_buf + cnt));