From: Jan Kratochvil <jan.kratochvil@redhat.com>
Date: Wed, 5 Jan 2011 09:06:21 +0000 (+0100)
Subject: Fix off64_t overflow when MAXIMUM_SIZE == ~0.
X-Git-Tag: elfutils-0.151~15
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f1ccc410d6bda15ed49fc5d0fef9f6f65acbfb63;p=thirdparty%2Felfutils.git

Fix off64_t overflow when MAXIMUM_SIZE == ~0.
---

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index a8ded88ee..d88e2fe53 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2011-01-05  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	* elf_getdata_rawchunk.c (elf_getdata_rawchunk): Fix off64_t overflow
+	when MAXIMUM_SIZE == ~0.
+
 2010-08-18  Roland McGrath  <roland@redhat.com>
 
 	* gelf_fsize.c (__libelf_type_sizes): Add entries for ELF_T_LIB
diff --git a/libelf/elf_getdata_rawchunk.c b/libelf/elf_getdata_rawchunk.c
index 5af0f7f39..3ec2100a8 100644
--- a/libelf/elf_getdata_rawchunk.c
+++ b/libelf/elf_getdata_rawchunk.c
@@ -78,8 +78,8 @@ elf_getdata_rawchunk (elf, offset, size, type)
       return NULL;
     }
 
-  if (unlikely (size > elf->maximum_size
-		|| (off64_t) (elf->maximum_size - size) < offset))
+  if (unlikely (offset < 0 || offset + (off64_t) size < offset
+		|| offset + size > elf->maximum_size))
     {
       /* Invalid request.  */
       __libelf_seterrno (ELF_E_INVALID_OP);