libdwfl: Make sure elf_getdata_rawchunk size_t doesn't overflow find_dynsym.
authorMark Wielaard <mjw@redhat.com>
Sat, 13 Dec 2014 21:23:45 +0000 (22:23 +0100)
committerMark Wielaard <mjw@redhat.com>
Tue, 16 Dec 2014 10:53:16 +0000 (11:53 +0100)
Signed-off-by: Mark Wielaard <mjw@redhat.com>
libdwfl/ChangeLog
libdwfl/dwfl_module_getdwarf.c

index c49558fca8c95b2236e25d607ee33fefb0e538e7..36585765ce92e8939aa67885169a58f9fdddace1 100644 (file)
@@ -1,3 +1,8 @@
+2014-12-13  Mark Wielaard  <mjw@redhat.com>
+
+       * dwfl_module_getdwarf.c (find_dynsym): elf_getdata_rawchunk takes
+       a size_t, make sure it doesn't overflow.
+
 2014-12-13  Mark Wielaard  <mjw@redhat.com>
 
        * cu.c (cudie_offset): Make sure Dwarf_Off difference doesn't
index c2e9e5916d9433f950d41310c0a6371afdf570b5..ab9bd48d4cd73dc1df816560852bb43a49923b80 100644 (file)
@@ -768,7 +768,15 @@ find_dynsym (Dwfl_Module *mod)
                                              * sizeof (Elf32_Word)
                                              * header->maskwords));
 
-                   data = elf_getdata_rawchunk (mod->main.elf, buckets_at,
+                   // elf_getdata_rawchunk takes a size_t, make sure it
+                   // doesn't overflow.
+#if SIZE_MAX <= UINT32_MAX
+                   if (nbuckets > SIZE_MAX / sizeof (Elf32_Word))
+                     data = NULL;
+                   else
+#endif
+                     data
+                        = elf_getdata_rawchunk (mod->main.elf, buckets_at,
                                                 nbuckets * sizeof (Elf32_Word),
                                                 ELF_T_WORD);
                    if (data != NULL && symndx < nbuckets)
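Review bot: The offset computation in the context lines just above the new guard (`* sizeof (Elf32_Word) * header->maskwords`) multiplies a value read from the file in the same way and is left unchecked, so on the `SIZE_MAX <= UINT32_MAX` targets this commit is concerned with it can presumably wrap in size_t before it is added to the base offset. That expression starts above the hunk, so the operand types are not visible here; if `maskwords` is a 32-bit word, widening one operand, e.g. `* (uint64_t) header->maskwords`, would let an oversized value stay out of range instead of wrapping to a small in-file offset that is then read as the bucket array. Separately, the `else` that straddles `#endif` leaves an unbraced if/else whose shape depends on the preprocessor; bracing both arms, or computing the byte count into a local before the call, would make the guard harder to break in a later edit.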