Date: Fri, 16 Jan 2015 15:16:20 +0000 (UTC) From: Ed Maste <emaste@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r277249 - head/contrib/elftoolchain/libelf Message-ID: <201501161516.t0GFGKhu015285@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: emaste Date: Fri Jan 16 15:16:19 2015 New Revision: 277249 URL: https://svnweb.freebsd.org/changeset/base/277249 Log: Verify that section header offset is not past EOF MFC After: 1 week Sponsored by: The FreeBSD Foundation Modified: head/contrib/elftoolchain/libelf/elf_scn.c Modified: head/contrib/elftoolchain/libelf/elf_scn.c ============================================================================== --- head/contrib/elftoolchain/libelf/elf_scn.c Fri Jan 16 15:10:55 2015 (r277248) +++ head/contrib/elftoolchain/libelf/elf_scn.c Fri Jan 16 15:16:19 2015 (r277249) @@ -60,7 +60,8 @@ _libelf_load_section_headers(Elf *e, voi assert((e->e_flags & LIBELF_F_SHDRS_LOADED) == 0); #define CHECK_EHDR(E,EH) do { \ - if (fsz != (EH)->e_shentsize || \ + if (shoff > e->e_rawsize || \ + fsz != (EH)->e_shentsize || \ shnum > SIZE_MAX / fsz || \ fsz * shnum > e->e_rawsize - shoff) { \ LIBELF_SET_ERROR(HEADER, 0); \
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201501161516.t0GFGKhu015285>