From: Mark Wielaard <mjw@redhat.com>
Date: Thu, 13 Nov 2014 14:43:02 +0000 (+0100)
Subject: libelf: Fix unsigned overflow check in elf_getdata.
X-Git-Tag: elfutils-0.161~93
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c50ddfca105a73f7567f3072831dcfbf49ad0567;p=thirdparty%2Felfutils.git

libelf: Fix unsigned overflow check in elf_getdata.
---

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index a9d8c6fb2..45e220d09 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-13  Mark Wielaard  <mjw@redhat.com>
+
+	* elf_getdata.c (__libelf_set_rawdata_wrlock): Fix unsigned overflow
+	check.
+
 2014-11-08  Mark Wielaard  <mjw@redhat.com>
 
 	* elf_begin.c (__libelf_next_arhdr_wrlock): Use mempcpy not __mempcpy.
diff --git a/libelf/elf_getdata.c b/libelf/elf_getdata.c
index 33d35d6f0..1ce1e23b5 100644
--- a/libelf/elf_getdata.c
+++ b/libelf/elf_getdata.c
@@ -245,9 +245,8 @@ __libelf_set_rawdata_wrlock (Elf_Scn *scn)
 	  /* First see whether the information in the section header is
 	     valid and it does not ask for too much.  Check for unsigned
 	     overflow.  */
-	  if (unlikely (offset + size > elf->maximum_size
-			|| (offset + size + elf->maximum_size
-			    < elf->maximum_size)))
+	  if (unlikely (offset > elf->maximum_size
+	      || elf->maximum_size - offset < size))
 	    {
 	      /* Something is wrong.  */
 	      __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);