From: Mark Wielaard <mjw@redhat.com>
Date: Mon, 21 Mar 2016 15:01:02 +0000 (+0100)
Subject: nm: Check for malloc size argument overflow in show_symbols.
X-Git-Tag: elfutils-0.166~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=911f11a0054264ffbfae8f8e400aea52b8d1d620;p=thirdparty%2Felfutils.git

nm: Check for malloc size argument overflow in show_symbols.

Reported-by: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
---

diff --git a/src/ChangeLog b/src/ChangeLog
index fb9c77679..f74b5dcb4 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2016-03-21  Mark Wielaard  <mjw@redhat.com>
+
+	* nm.c (show_symbols): Check for malloc size argument overflow.
+
 2016-02-13  Mark Wielaard  <mjw@redhat.com>
 
 	* readelf.c (print_scngrp): Call error when gelf_getshdr fails.
diff --git a/src/nm.c b/src/nm.c
index 2911afa87..010469daf 100644
--- a/src/nm.c
+++ b/src/nm.c
@@ -1311,6 +1311,11 @@ show_symbols (int fd, Ebl *ebl, GElf_Ehdr *ehdr,
      XXX We can use a dirty trick here.  Since GElf_Sym == Elf64_Sym we
      can use the data memory instead of copying again if what we read
      is a 64 bit file.  */
+  if (nentries > SIZE_MAX / sizeof (GElf_SymX))
+    error (EXIT_FAILURE, 0,
+          gettext ("%s: entries (%zd) in section %zd `%s' is too large"),
+          fullname, nentries, elf_ndxscn (scn),
+          elf_strptr (ebl->elf, shstrndx, shdr->sh_name));
   GElf_SymX *sym_mem;
   if (nentries * sizeof (GElf_SymX) < MAX_STACK_ALLOC)
     sym_mem = (GElf_SymX *) alloca (nentries * sizeof (GElf_SymX));