From 30df1adeab5a9285830042b446a828319c6aa743 Mon Sep 17 00:00:00 2001 From: Mark Wielaard Date: Wed, 28 Aug 2024 23:58:58 +0200 Subject: [PATCH] libelf: Don't crash elf[32|64]_xlateto[fm] on bad arguments. Check that src and dest aren't NULL and that src->d_type < ELF_T_NUM. * elf32_xlatetof.c (elfw2(LIBELFBITS, xlatetof)): Check src, dest and src->d_type are valid. * elf32_xlatetom.c (elfw2(LIBELFBITS, xlatetom)): Likewise. Signed-off-by: Mark Wielaard --- libelf/elf32_xlatetof.c | 9 +++++++++ libelf/elf32_xlatetom.c | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/libelf/elf32_xlatetof.c b/libelf/elf32_xlatetof.c index ab3e609ee..44c75ef05 100644 --- a/libelf/elf32_xlatetof.c +++ b/libelf/elf32_xlatetof.c @@ -45,6 +45,15 @@ Elf_Data * elfw2(LIBELFBITS, xlatetof) (Elf_Data *dest, const Elf_Data *src, unsigned int encode) { + if (src == NULL || dest == NULL) + return NULL; + + if (src->d_type >= ELF_T_NUM) + { + __libelf_seterrno (ELF_E_UNKNOWN_TYPE); + return NULL; + } + /* First test whether the input data is really suitable for this type. This means, whether there is an integer number of records. Note that for this implementation the memory and file size of the diff --git a/libelf/elf32_xlatetom.c b/libelf/elf32_xlatetom.c index fa3dc9a72..a1eea8428 100644 --- a/libelf/elf32_xlatetom.c +++ b/libelf/elf32_xlatetom.c @@ -45,6 +45,15 @@ Elf_Data * elfw2(LIBELFBITS, xlatetom) (Elf_Data *dest, const Elf_Data *src, unsigned int encode) { + if (src == NULL || dest == NULL) + return NULL; + + if (src->d_type >= ELF_T_NUM) + { + __libelf_seterrno (ELF_E_UNKNOWN_TYPE); + return NULL; + } + /* First test whether the input data is really suitable for this type. This means, whether there is an integer number of records. Note that for this implementation the memory and file size of the -- 2.47.2
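Review bot: The new NULL-argument guard at the top of `elfw2(LIBELFBITS, xlatetof)` returns NULL without calling `__libelf_seterrno`, while the `d_type` guard directly below it records `ELF_E_UNKNOWN_TYPE`, so a caller that reads `elf_errno()` after the NULL return may see no error or a stale one. If the silent return is deliberate, say so on the guard, for example `/* NULL arguments: nothing to translate, no new error is recorded.  */`; otherwise set an error code before returning. The same guard is added to `elfw2(LIBELFBITS, xlatetom)` in libelf/elf32_xlatetom.c and the point applies there as well. The function body continues outside the hunk.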
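Review bot: The range check `src->d_type >= ELF_T_NUM` in `elfw2(LIBELFBITS, xlatetom)` bounds the type only from above; if `d_type` is an enum, as the `ELF_T_NUM` bound suggests, whether a negative value is rejected depends on the integer type the compiler chooses for it. The value comes from a caller-supplied `Elf_Data` and is presumably used as a table index later in the function, outside this hunk, so the guard should not rely on that choice: `if ((unsigned int) src->d_type >= ELF_T_NUM)`. The identical check in libelf/elf32_xlatetof.c would take the same cast.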