From: Mark Wielaard <mark@klomp.org>
Date: Sun, 19 Dec 2021 19:53:34 +0000 (+0100)
Subject: libdwfl: Make sure dyn_filesz has a sane size
X-Git-Tag: elfutils-0.187~51
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bc14c148a6ad9b84bda428bd3bc75028515f0151;p=thirdparty%2Felfutils.git

libdwfl: Make sure dyn_filesz has a sane size

In dwfl_segment_report_module dyn_filesz should be able to hold at
least one Elf_Dyn element, and not be larger than possible.

Signed-off-by: Mark Wielaard <mark@klomp.org>
---

diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index 38e2bdaa1..1f83576d7 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,9 @@
+2021-12-08  Mark Wielaard  <mark@klomp.org>
+
+	* dwfl_segment_report_module.c (dwfl_segment_report_module): Make sure
+	that dyn_filesz can contain at least one Elf_Dyn and isn't larger than
+	possible.
+
 2021-12-08  Mark Wielaard  <mark@klomp.org>
 
 	* dwfl_segment_report_module.c (dwfl_segment_report_module): Make sure
diff --git a/libdwfl/dwfl_segment_report_module.c b/libdwfl/dwfl_segment_report_module.c
index 840d6f447..78c70795f 100644
--- a/libdwfl/dwfl_segment_report_module.c
+++ b/libdwfl/dwfl_segment_report_module.c
@@ -787,6 +787,9 @@ dwfl_segment_report_module (Dwfl *dwfl, int ndx, const char *name,
       if (dyn_data_size != 0)
 	dyn_filesz = dyn_data_size;
 
+      if ((dyn_filesz / dyn_entsize) == 0
+	  || dyn_filesz > (SIZE_MAX / dyn_entsize))
+	goto out;
       void *dyns = malloc (dyn_filesz);
       Elf32_Dyn *d32 = dyns;
       Elf64_Dyn *d64 = dyns;