ctf-archive sanity checks

Existing code checks that the first uint64_t ctfa_magic field is
available before reading but neglects to check that the last uint64_t
ctfa_ctfs is available before reading it in ctf_arc_bufpreamble.
ctf_arc_bufopen sets up a pointer to the struct ctf_archive in
ctf_new_archive_internal.  Extend the check to cover the entire struct.

	PR 33548
	PR 33549
	* ctf-archive.c (ctf_arc_bufpreamble, ctf_arc_bufopen): Check
	that buffer contains at least an entire struct ctf_archive
	when accessing such a struct.

diff --git a/libctf/ctf-archive.c b/libctf/ctf-archive.c
index 6c4595fcc84d8641fcd224e5eb5954a940c3cdd9..63184e662444aaa27449d741d52e0081af85ea1a 100644 (file)
--- a/libctf/ctf-archive.c
+++ b/libctf/ctf-archive.c
@@ -395,7 +395,7 @@ const ctf_preamble_t *
 ctf_arc_bufpreamble (const ctf_sect_t *ctfsect)
 {
   if (ctfsect->cts_data != NULL
-      && ctfsect->cts_size > sizeof (uint64_t)
+      && ctfsect->cts_size >= sizeof (struct ctf_archive)
       && (le64toh ((*(uint64_t *) ctfsect->cts_data)) == CTFA_MAGIC))
     {
       struct ctf_archive *arc = (struct ctf_archive *) ctfsect->cts_data;
@@ -418,7 +418,7 @@ ctf_arc_bufopen (const ctf_sect_t *ctfsect, const ctf_sect_t *symsect,
   ctf_dict_t *fp = NULL;
 
   if (ctfsect->cts_data != NULL
-      && ctfsect->cts_size > sizeof (uint64_t)
+      && ctfsect->cts_size >= sizeof (struct ctf_archive)
       && (le64toh ((*(uint64_t *) ctfsect->cts_data)) == CTFA_MAGIC))
     {
       /* The archive is mmappable, so this operation is trivial.