From: Mark Wielaard Date: Mon, 26 Feb 2018 21:53:10 +0000 (+0100) Subject: elflint: Make sure we can read a whole element when iterating over group. X-Git-Tag: elfutils-0.171~70 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=22e282071021fc5ada2b9294bfa7e25fbd62a9d6;p=thirdparty%2Felfutils.git elflint: Make sure we can read a whole element when iterating over group. Change the for loop so that we can always read a full element. https://sourceware.org/bugzilla/show_bug.cgi?id=22892 Signed-off-by: Mark Wielaard --- diff --git a/src/ChangeLog b/src/ChangeLog index 0ae01e926..e73c61546 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2018-02-09 Mark Wielaard + + * elflint.c (check_group): Make sure we can read a complete + element when iterating over the group. + 2018-02-09 Mark Wielaard * readelf.c (attr_callback): Handle DW_FORM_data16 as Dwarf_Block. diff --git a/src/elflint.c b/src/elflint.c index df1b3a032..ebb0e4e08 100644 --- a/src/elflint.c +++ b/src/elflint.c @@ -2713,7 +2713,7 @@ section [%2d] '%s': section group with only one member\n"), ERROR (gettext ("section [%2d] '%s': unknown section group flags\n"), idx, section_name (ebl, idx)); - for (cnt = elsize; cnt < data->d_size; cnt += elsize) + for (cnt = elsize; cnt + elsize <= data->d_size; cnt += elsize) { #if ALLOW_UNALIGNED val = *((Elf32_Word *) ((char *) data->d_buf + cnt));
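Review bot: in the src/ChangeLog hunk, the new entry is dated 2018-02-09, the same date as the readelf.c entry directly below it, while the commit header is dated Mon, 26 Feb 2018. If the fix was written on the later date, the entry header should carry that date; if 2018-02-09 is intended, the two entries could share one date/author header line instead of repeating it.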
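Review bot: in the src/elflint.c hunk, the new bound `cnt + elsize <= data->d_size` stops the loop before a trailing partial element, but those leftover bytes are then skipped without any diagnostic. For a lint tool, a group section whose d_size is not a multiple of elsize is worth reporting, so unless check_group already does that outside the lines shown here, consider adding an ERROR when `data->d_size % elsize != 0`. The loop starts at `cnt = elsize`, which means the flags word at offset 0 is read before this point; that read needs the same guarantee (d_size >= elsize) and is not covered by this change. Writing the test as an addition rather than `cnt <= data->d_size - elsize` is the right form, since the subtraction would wrap when d_size is smaller than elsize; a short comment saying so would keep a later cleanup from "simplifying" it.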