libelf: Check uncompressed gnu size fits into d_size for ELF class

32bit ELF can only represent up to UINT32_MAX bytes in d_size. Sanity
check that the uncompressed size isn't bigger so we don't silently
truncate it.

	* libelf/elf_compress_gnu.c (elf_compress_gnu): Check gsize
	fits UINT32_MAX for ELFCLASS32.

Signed-off-by: Mark Wielaard <mark@klomp.org>

diff --git a/libelf/elf_compress_gnu.c b/libelf/elf_compress_gnu.c
index 006e2ae4126dab31b56963565a20dc3b504ab8e3..a9fff07edc2de1ef77709eb06dd548721337630b 100644 (file)
--- a/libelf/elf_compress_gnu.c
+++ b/libelf/elf_compress_gnu.c
@@ -168,8 +168,11 @@ elf_compress_gnu (Elf_Scn *scn, int inflate, unsigned int flags)
       /* One more sanity check, size should be bigger than original
         data size plus some overhead (4 chars ZLIB + 8 bytes size + 6
         bytes zlib stream overhead + 5 bytes overhead max for one 16K
-        block) and should fit into a size_t.  */
-      if (gsize + 4 + 8 + 6 + 5 < data->d_size || gsize > SIZE_MAX)
+        block) and should fit into a size_t (or in UINT32_MAX for
+        32bit ELF).  */
+      if (gsize + 4 + 8 + 6 + 5 < data->d_size
+         || gsize > SIZE_MAX
+         || (elfclass == ELFCLASS32 && gsize > UINT32_MAX))
        {
          __libelf_seterrno (ELF_E_NOT_COMPRESSED);
          return -1;