From: Mark Wielaard
Date: Sun, 31 May 2015 14:05:34 +0000 (+0200)
Subject: libelf: Fix possible unbounded stack usage in getphdr_wrlock.
X-Git-Tag: elfutils-0.162~21
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2ec518247897bfa41327db2627e1e6112e5d59da;p=thirdparty%2Felfutils.git

libelf: Fix possible unbounded stack usage in getphdr_wrlock.

When a copy needs to be made of the phdrs, allocate with malloc and free after conversion instead of calling alloca.

Signed-off-by: Mark Wielaard
---

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 4fd3f9f56..65f9112d2 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2015-05-31 Mark Wielaard
+
+ * elf32_getphdr.c (getphdr_wrlock): Allocate phdrs with malloc, not
+ alloca and free after conversion when a copy needs to be made.
+
 2015-05-31 Mark Wielaard
 
 * elf_getarsym.c (elf_getarsym): Allocate temporary file_date with
diff --git a/libelf/elf32_getphdr.c b/libelf/elf32_getphdr.c
index 1b82a4802..38e489dc3 100644
--- a/libelf/elf32_getphdr.c
+++ b/libelf/elf32_getphdr.c
@@ -141,13 +141,20 @@ __elfw2(LIBELFBITS,getphdr_wrlock) (elf)
 }
 else
 {
- if (ALLOW_UNALIGNED
- || ((uintptr_t) file_phdr
- & (__alignof__ (ElfW2(LIBELFBITS,Phdr)) - 1)) == 0)
+ bool copy = ! (ALLOW_UNALIGNED
+ || ((uintptr_t) file_phdr
+ & (__alignof__ (ElfW2(LIBELFBITS,Phdr))
+ - 1)) == 0);
+ if (! copy)
 notcvt = file_phdr;
 else
 {
- notcvt = (ElfW2(LIBELFBITS,Phdr) *) alloca (size);
+ notcvt = (ElfW2(LIBELFBITS,Phdr) *) malloc (size);
+ if (unlikely (notcvt == NULL))
+ {
+ __libelf_seterrno (ELF_E_NOMEM);
+ goto out;
+ }
 memcpy (notcvt, file_phdr, size);
 }
 
@@ -162,6 +169,9 @@ __elfw2(LIBELFBITS,getphdr_wrlock) (elf)
 CONVERT_TO (phdr[cnt].p_flags, notcvt[cnt].p_flags);
 CONVERT_TO (phdr[cnt].p_align, notcvt[cnt].p_align);
 }
+
+ if (copy)
+ free (notcvt);
 }
 }
 }
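Review bot: The `goto out` taken when `malloc (size)` fails is an exit from the middle of the conversion that the `alloca` version did not have, and the hunk does not show what state it leaves behind. The conversion loop in the following hunk writes into `phdr`, so a destination buffer appears to have been allocated before this point; if that buffer is already cached in the Elf descriptor (not visible here), a later call could hand it back unconverted and uninitialised. Before the jump I would release and un-cache that buffer, or at minimum record the invariant with a comment such as `/* phdr is still unconverted here; it must not remain cached. */`. Separately, the cast on the `malloc` result is unnecessary in C, although it mirrors the removed `alloca` line. The enclosing function starts and ends outside the hunk.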
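Review bot: `free (notcvt)` is safe only because `copy` records that `notcvt` came from `malloc`; in the other branch of the previous hunk `notcvt` aliases `file_phdr`, which presumably points into the mapped file and must never reach `free`. Nothing at the `free` states this ownership rule, so I would add a comment above the `if (copy)`, for example `/* notcvt is heap memory only when copy is set; otherwise it aliases file_phdr. */`. The loop that precedes the `free` begins outside the hunk, so I cannot confirm that it has no early exit that would skip the release.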