+2010-04-14 Roland McGrath <roland@redhat.com>
+
+ * elf32_getphdr.c: Check for e_phoff/size outside the file bounds.
+ * elf_begin.c (file_read_elf): Don't set .phdr here.
+
2010-04-13 Roland McGrath <roland@redhat.com>
* elf.h: Update from glibc.
size_t size = phnum * sizeof (ElfW2(LIBELFBITS,Phdr));
+ if (ehdr->e_phoff < elf->maximum_size
+ || elf->maximum_size - ehdr->e_phoff < size)
+ {
+ __libelf_seterrno (ELF_E_INVALID_DATA);
+ goto out;
+ }
+
if (elf->map_address != NULL)
{
/* All the data is already mapped. Use it. */
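Review bot: The bound check added at L9 reads `if (ehdr->e_phoff < elf->maximum_size`, which is inverted: a program-header offset that lies inside the file takes the error path, while an offset past maximum_size falls through to the second operand, where `elf->maximum_size - ehdr->e_phoff` wraps and the `< size` comparison no longer bounds anything. Unless this is a transcription artifact of the page, the first operand should be `ehdr->e_phoff > elf->maximum_size`, so the subtraction on the next line is only evaluated once it cannot underflow. The `size = phnum * sizeof (...)` product on L8 is taken as given; if phnum can carry a 32-bit value here (the PN_XNUM case) the product can wrap on a 32-bit size_t before this check runs, so it is worth confirming that phnum is already range-limited by the caller. The enclosing getphdr function starts and ends outside the hunk.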
elf->state.elf32.ehdr = ehdr;
elf->state.elf32.shdr
= (Elf32_Shdr *) ((char *) ehdr + ehdr->e_shoff);
- if (ehdr->e_phnum > 0)
- /* Assign a value only if there really is a program
- header. Otherwise the value remains NULL. */
- elf->state.elf32.phdr
- = (Elf32_Phdr *) ((char *) ehdr + ehdr->e_phoff);
+
+ /* Don't precache the phdr pointer here.
+ elf32_getphdr will validate it against the size when asked. */
for (size_t cnt = 0; cnt < scncnt; ++cnt)
{
elf->state.elf64.ehdr = ehdr;
elf->state.elf64.shdr
= (Elf64_Shdr *) ((char *) ehdr + ehdr->e_shoff);
- if (ehdr->e_phnum > 0)
- /* Assign a value only if there really is a program
- header. Otherwise the value remains NULL. */
- elf->state.elf64.phdr
- = (Elf64_Phdr *) ((char *) ehdr + ehdr->e_phoff);
+
+ /* Don't precache the phdr pointer here.
+ elf64_getphdr will validate it against the size when asked. */
for (size_t cnt = 0; cnt < scncnt; ++cnt)
{