From: Mark Wielaard <mjw@redhat.com>
Date: Tue, 9 Dec 2014 12:16:23 +0000 (+0100)
Subject: libdwfl: Check file count overflow in handle_file_note.
X-Git-Tag: elfutils-0.161~43
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e2bde259624800165c8e3d3e54260b7fbe304333;p=thirdparty%2Felfutils.git

libdwfl: Check file count overflow in handle_file_note.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
---

diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index b882f2049..66e642f14 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-09  Mark Wielaard  <mjw@redhat.com>
+
+	* dwfl_segment_report_module.c (handle_file_note): Check count doesn't
+	overflow.
+
 2014-12-07  Mark Wielaard  <mjw@redhat.com>
 
 	* relocate.c (relocate_section): Sanity check section overlap against
diff --git a/libdwfl/dwfl_segment_report_module.c b/libdwfl/dwfl_segment_report_module.c
index 827708e1c..898457f11 100644
--- a/libdwfl/dwfl_segment_report_module.c
+++ b/libdwfl/dwfl_segment_report_module.c
@@ -158,6 +158,10 @@ handle_file_note (GElf_Addr module_start, GElf_Addr module_end,
   if (! buf_read_ulong (ei_data, sz, &ptr, end, NULL)) // page_size
     return NULL;
 
+  uint64_t maxcount = (size_t) (end - ptr) / (3 * sz);
+  if (count > maxcount)
+    return NULL;
+
   /* Where file names are stored.  */
   const char *fptr = ptr + 3 * count * sz;