Fix off64_t overflow when MAXIMUM_SIZE == ~0.

author Jan Kratochvil <jan.kratochvil@redhat.com>

Wed, 5 Jan 2011 09:06:21 +0000 (10:06 +0100)

committer Jan Kratochvil <jan.kratochvil@redhat.com>

Wed, 5 Jan 2011 09:06:21 +0000 (10:06 +0100)
author Jan Kratochvil <jan.kratochvil@redhat.com>
Wed, 5 Jan 2011 09:06:21 +0000 (10:06 +0100)
committer Jan Kratochvil <jan.kratochvil@redhat.com>
Wed, 5 Jan 2011 09:06:21 +0000 (10:06 +0100)
diff --git a/libelf/ChangeLog b/libelf/ChangeLog

index a8ded88ee6c6958757e3cb8ebe78c1a855cf3588..d88e2fe531380c56f9aafd278525965ef53eec78 100644 (file)
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2011-01-05  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+       * elf_getdata_rawchunk.c (elf_getdata_rawchunk): Fix off64_t overflow
+       when MAXIMUM_SIZE == ~0.
+
  2010-08-18  Roland McGrath  <roland@redhat.com>
  
         * gelf_fsize.c (__libelf_type_sizes): Add entries for ELF_T_LIB
diff --git a/libelf/elf_getdata_rawchunk.c b/libelf/elf_getdata_rawchunk.c

index 5af0f7f3989485dfd2a0e9437c3f9bc296e04075..3ec2100a81191bd5d522f828cac3f6844950cc9e 100644 (file)
--- a/libelf/elf_getdata_rawchunk.c
+++ b/libelf/elf_getdata_rawchunk.c
@@ -78,8 +78,8 @@ elf_getdata_rawchunk (elf, offset, size, type)
        return NULL;
      }
  
-  if (unlikely (size > elf->maximum_size
-               || (off64_t) (elf->maximum_size - size) < offset))
+  if (unlikely (offset < 0 || offset + (off64_t) size < offset
+               || offset + size > elf->maximum_size))
      {
        /* Invalid request.  */
        __libelf_seterrno (ELF_E_INVALID_OP);
author	Jan Kratochvil <jan.kratochvil@redhat.com>
	Wed, 5 Jan 2011 09:06:21 +0000 (10:06 +0100)
committer	Jan Kratochvil <jan.kratochvil@redhat.com>
	Wed, 5 Jan 2011 09:06:21 +0000 (10:06 +0100)
libelf/ChangeLog		patch \| blob \| blame \| history
libelf/elf_getdata_rawchunk.c		patch \| blob \| blame \| history