From: Roland McGrath <roland@redhat.com>
Date: Mon, 5 Jan 2009 08:10:11 +0000 (-0800)
Subject: Fix possible crash in note conversion.
X-Git-Tag: elfutils-0.139~10^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2fe76eae69157303b1458c17cf15c33ab385c49a;p=thirdparty%2Felfutils.git

Fix possible crash in note conversion.
---

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 38d352de3..56e0aa055 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2009-01-04  Roland McGrath  <roland@redhat.com>
+
+	* note_xlate.h (elf_cvt_note): Don't examine a size too small to
+	container a note header.
+
 2009-01-21  Ulrich Drepper  <drepper@redhat.com>
 
 	* elf32_updatefile.c (elfXX_updatemmap): When skipping non-NOBITS
diff --git a/libelf/note_xlate.h b/libelf/note_xlate.h
index 6e8b78c6c..a72fe8688 100644
--- a/libelf/note_xlate.h
+++ b/libelf/note_xlate.h
@@ -1,5 +1,5 @@
 /* Conversion functions for notes.
-   Copyright (C) 2007 Red Hat, Inc.
+   Copyright (C) 2007, 2009 Red Hat, Inc.
    This file is part of Red Hat elfutils.
 
    Red Hat elfutils is free software; you can redistribute it and/or modify
@@ -52,7 +52,7 @@ elf_cvt_note (void *dest, const void *src, size_t len, int encode)
 {
   assert (sizeof (Elf32_Nhdr) == sizeof (Elf64_Nhdr));
 
-  while (len > 0)
+  while (len >= sizeof (Elf32_Nhdr))
     {
       (1 ? Elf32_cvt_Nhdr : Elf64_cvt_Nhdr) (dest, src, sizeof (Elf32_Nhdr),
 					     encode);