libdwfl: Check file count overflow in handle_file_note.

author Mark Wielaard <mjw@redhat.com>

Tue, 9 Dec 2014 12:16:23 +0000 (13:16 +0100)

committer Mark Wielaard <mjw@redhat.com>

Fri, 12 Dec 2014 12:04:19 +0000 (13:04 +0100)
author Mark Wielaard <mjw@redhat.com>
Tue, 9 Dec 2014 12:16:23 +0000 (13:16 +0100)
committer Mark Wielaard <mjw@redhat.com>
Fri, 12 Dec 2014 12:04:19 +0000 (13:04 +0100)
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog

index b882f2049ca032af26c45ca0048cd59612805342..66e642f140958a1ed227c3528dce588929c347ce 100644 (file)
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-09  Mark Wielaard  <mjw@redhat.com>
+
+       * dwfl_segment_report_module.c (handle_file_note): Check count doesn't
+       overflow.
+
  2014-12-07  Mark Wielaard  <mjw@redhat.com>
  
         * relocate.c (relocate_section): Sanity check section overlap against
diff --git a/libdwfl/dwfl_segment_report_module.c b/libdwfl/dwfl_segment_report_module.c

index 827708e1c9d1cbb1c47e84dd75442c936b6f2dac..898457f11f6ed95f969a30b16b0b6bd0e71b1fbb 100644 (file)
--- a/libdwfl/dwfl_segment_report_module.c
+++ b/libdwfl/dwfl_segment_report_module.c
@@ -158,6 +158,10 @@ handle_file_note (GElf_Addr module_start, GElf_Addr module_end,
    if (! buf_read_ulong (ei_data, sz, &ptr, end, NULL)) // page_size
      return NULL;
  
+  uint64_t maxcount = (size_t) (end - ptr) / (3 * sz);
+  if (count > maxcount)
+    return NULL;
+
    /* Where file names are stored.  */
    const char *fptr = ptr + 3 * count * sz;
author	Mark Wielaard <mjw@redhat.com>
	Tue, 9 Dec 2014 12:16:23 +0000 (13:16 +0100)
committer	Mark Wielaard <mjw@redhat.com>
	Fri, 12 Dec 2014 12:04:19 +0000 (13:04 +0100)
libdwfl/ChangeLog		patch \| blob \| blame \| history
libdwfl/dwfl_segment_report_module.c		patch \| blob \| blame \| history