From ed42e7cf11ddb11ffcce9e17276476e0c3d14c71 Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Thu, 17 Mar 2022 14:03:06 +0100 Subject: [PATCH] libelf: Make sure ar_size starts with a digit before calling atol. The ar_size field is a 10 character string, not zero terminated, of decimal digits right padded with spaces. Make sure it actually starts with a digit before calling atol on it. We already make sure it is zero terminated. Otherwise atol might produce unexpected results. Signed-off-by: Mark Wielaard --- libelf/ChangeLog | 4 ++++ libelf/elf_begin.c | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/libelf/ChangeLog b/libelf/ChangeLog index 1883af072..07dd905f9 100644 --- a/libelf/ChangeLog +++ b/libelf/ChangeLog @@ -1,3 +1,7 @@ +2022-03-17 Mark Wielaard + + * elf_begin.c (read_long_names): Check ar_size starts with a digit. + 2022-03-17 Mark Wielaard * elf_begin.c (get_shnum): Take offset into account for Shdr diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c index 53bbff407..17d9b1f3c 100644 --- a/libelf/elf_begin.c +++ b/libelf/elf_begin.c @@ -765,6 +765,11 @@ read_long_names (Elf *elf) *((char *) mempcpy (buf, hdr->ar_size, sizeof (hdr->ar_size))) = '\0'; string = buf; } + + /* atol expects to see at least one digit. + It also cannot be negative (-). */ + if (!isdigit(string[0])) + return NULL; len = atol (string); if (memcmp (hdr->ar_name, "// ", 16) == 0) -- 2.47.2
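Review bot: The added `isdigit(string[0])` check in the elf_begin.c hunk passes a plain `char` taken from archive header bytes straight to a `<ctype.h>` function. If `string` is a `char *` (its declaration is outside the hunk) and `char` is signed, a byte of 0x80 or above becomes a negative argument, which is undefined behaviour for `isdigit`. Cast first: `if (!isdigit ((unsigned char) string[0]))`, which also matches the file's GNU spacing before the parenthesis. The check covers only the first character, so `atol` still gives no error signal for a ten-digit value that does not fit in `long` on 32-bit targets; unless `len` is range-checked later, `strtol` with `errno` and end-pointer checks would close that. read_long_names begins and ends outside this hunk, so the later use of `len` is not visible here.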