From: Mark Wielaard Date: Sun, 31 May 2015 14:09:01 +0000 (+0200) Subject: libelf: Fix possible unbounded stack usage in load_shdr_wrlock. X-Git-Tag: elfutils-0.162~20 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=96f6c995ff041c7c874179f7542b244713e54570;p=thirdparty%2Felfutils.git libelf: Fix possible unbounded stack usage in load_shdr_wrlock. When a copy needs to be made of the shdrs, allocate with malloc and free after conversion instead of calling alloca. Signed-off-by: Mark Wielaard --- diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 65f9112d2..79308fe8f 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,3 +1,8 @@ +2015-05-31 Mark Wielaard + + * elf32_getshdr.c (load_shdr_wrlock): Allocate shdrs with malloc, + not alloca and free after conversion when a copy needs to be made. + 2015-05-31 Mark Wielaard * elf32_getphdr.c (getphdr_wrlock): Allocate phdrs with malloc, not diff --git a/libelf/elf32_getshdr.c b/libelf/elf32_getshdr.c index 741704736..ee1aed8fc 100644 --- a/libelf/elf32_getshdr.c +++ b/libelf/elf32_getshdr.c @@ -111,15 +111,22 @@ load_shdr_wrlock (Elf_Scn *scn) } else { - if (ALLOW_UNALIGNED - || ((uintptr_t) file_shdr - & (__alignof__ (ElfW2(LIBELFBITS,Shdr)) - 1)) == 0) + bool copy = ! (ALLOW_UNALIGNED + || ((uintptr_t) file_shdr + & (__alignof__ (ElfW2(LIBELFBITS,Shdr)) - 1)) + == 0); + if (! copy) notcvt = (ElfW2(LIBELFBITS,Shdr) *) ((char *) elf->map_address + elf->start_offset + ehdr->e_shoff); else { - notcvt = (ElfW2(LIBELFBITS,Shdr) *) alloca (size); + notcvt = (ElfW2(LIBELFBITS,Shdr) *) malloc (size); + if (unlikely (notcvt == NULL)) + { + __libelf_seterrno (ELF_E_NOMEM); + goto out; + } memcpy (notcvt, ((char *) elf->map_address + elf->start_offset + ehdr->e_shoff), size); @@ -153,6 +160,9 @@ load_shdr_wrlock (Elf_Scn *scn) elf->state.ELFW(elf,LIBELFBITS).scns.data[cnt].shndx_index = -1; } + + if (copy) + free (notcvt); } } else if (likely (elf->fildes != -1))
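Review bot: The new out-of-memory path in the `else` branch leaves through `goto out` right after `__libelf_seterrno (ELF_E_NOMEM)`, and the hunk does not show whether anything allocated earlier in load_shdr_wrlock is still held at that point. If the destination section-header table is already allocated and cached on `elf` before this branch (not visible here; the function starts and ends outside the hunk), this exit should release and reset it the way the function's other failure exits do, otherwise later callers may find a table that was never filled in. `size` presumably derives from the section count in the ELF header of a possibly untrusted file, so this path is reachable from crafted input and worth getting right. I would also document the flag, e.g. `/* Copy only when the mapped table is misaligned for Shdr and unaligned reads are not allowed. */`.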
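Review bot: `free (notcvt)` at the end of the `else` block is safe only because `copy` records ownership: when `copy` is false, `notcvt` aliases `elf->map_address` and must never be freed. That invariant is split across two hunks, so a comment at the free would help, e.g. `/* notcvt is heap-owned only when we made an aligned copy; otherwise it points into the mapping. */`. The conversion code between the malloc and this free is outside the hunk; an early exit added there later would leak the copy, so it is worth stating that this free is the block's single release point.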