libelf: Don't crash elf[32|64]_xlateto[fm] on bad arguments.

Check that src and dest aren't NULL and that src->d_type < ELF_T_NUM.

      * elf32_xlatetof.c (elfw2(LIBELFBITS, xlatetof)): Check src, dest
      and src->d_type are valid.
      * elf32_xlatetom.c (elfw2(LIBELFBITS, xlatetom)): Likewise.

Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/libelf/elf32_xlatetof.c b/libelf/elf32_xlatetof.c
index ab3e609ee5d26322eb1948947a8e58d0b6b6fe4a..44c75ef052fc09907be172e179a7a56e91df3a47 100644 (file)
--- a/libelf/elf32_xlatetof.c
+++ b/libelf/elf32_xlatetof.c
@@ -45,6 +45,15 @@ Elf_Data *
 elfw2(LIBELFBITS, xlatetof) (Elf_Data *dest, const Elf_Data *src,
                             unsigned int encode)
 {
+  if (src == NULL || dest == NULL)
+    return NULL;
+
+  if (src->d_type >= ELF_T_NUM)
+    {
+      __libelf_seterrno (ELF_E_UNKNOWN_TYPE);
+      return NULL;
+    }
+
   /* First test whether the input data is really suitable for this
      type.  This means, whether there is an integer number of records.
      Note that for this implementation the memory and file size of the

diff --git a/libelf/elf32_xlatetom.c b/libelf/elf32_xlatetom.c
index fa3dc9a724a1565ef1a08121895c0e25797f0275..a1eea842803e68932ce328413489ea9e847c191a 100644 (file)
--- a/libelf/elf32_xlatetom.c
+++ b/libelf/elf32_xlatetom.c
@@ -45,6 +45,15 @@ Elf_Data *
 elfw2(LIBELFBITS, xlatetom) (Elf_Data *dest, const Elf_Data *src,
                             unsigned int encode)
 {
+  if (src == NULL || dest == NULL)
+    return NULL;
+
+  if (src->d_type >= ELF_T_NUM)
+    {
+      __libelf_seterrno (ELF_E_UNKNOWN_TYPE);
+      return NULL;
+    }
+
   /* First test whether the input data is really suitable for this
      type.  This means, whether there is an integer number of records.
      Note that for this implementation the memory and file size of the