libelf: Check index_size doesn't overflow in elf_getarsym.

author Mark Wielaard <mjw@redhat.com>

Tue, 16 Dec 2014 18:43:21 +0000 (19:43 +0100)

committer Mark Wielaard <mjw@redhat.com>

Wed, 17 Dec 2014 15:49:02 +0000 (16:49 +0100)
author Mark Wielaard <mjw@redhat.com>
Tue, 16 Dec 2014 18:43:21 +0000 (19:43 +0100)
committer Mark Wielaard <mjw@redhat.com>
Wed, 17 Dec 2014 15:49:02 +0000 (16:49 +0100)
diff --git a/libelf/ChangeLog b/libelf/ChangeLog

index 7406509e1d248dd222f12ea6ffd1dd54fc56b6dc..fe210abb5244cc52f6f91fda8e3f5fd64b132a89 100644 (file)
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,7 @@
+2014-12-15  Mark Wielaard  <mjw@redhat.com>
+
+       * elf_getarsym.c (elf_getarsym): Check index_size doesn't overflow.
+
  2014-12-15  Mark Wielaard  <mjw@redhat.com>
  
         * elf_begin.c (read_long_names): Clear any garbage left in the
diff --git a/libelf/elf_getarsym.c b/libelf/elf_getarsym.c

index ba88aa0aa74c255e8a32e7717686e9b864622779..40633aa87b31b17389e42c8111fae001ce05e493 100644 (file)
--- a/libelf/elf_getarsym.c
+++ b/libelf/elf_getarsym.c
@@ -182,7 +182,8 @@ elf_getarsym (elf, ptr)
        tmpbuf[10] = '\0';
        size_t index_size = atol (tmpbuf);
  
-      if (SARMAG + sizeof (struct ar_hdr) + index_size > elf->maximum_size
+      if (index_size > elf->maximum_size
+         || elf->maximum_size - index_size < SARMAG + sizeof (struct ar_hdr)
  #if SIZE_MAX <= 4294967295U
           || n >= SIZE_MAX / sizeof (Elf_Arsym)
  #endif
author	Mark Wielaard <mjw@redhat.com>
	Tue, 16 Dec 2014 18:43:21 +0000 (19:43 +0100)
committer	Mark Wielaard <mjw@redhat.com>
	Wed, 17 Dec 2014 15:49:02 +0000 (16:49 +0100)
libelf/ChangeLog		patch \| blob \| blame \| history
libelf/elf_getarsym.c		patch \| blob \| blame \| history