diff options
| author | Mark Wielaard <mark@klomp.org> | 2017-03-27 23:59:02 +0200 |
|---|---|---|
| committer | Mark Wielaard <mark@klomp.org> | 2017-04-04 00:15:15 +0200 |
| commit | 9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38 (patch) | |
| tree | 69f11ab54333bb35803c303f5963df7373cbdb76 | |
| parent | a3bf8f0852d0f66911dcf879c5a1fcff3cb4cb46 (diff) | |
| download | elfutils-9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38.tar.gz | |
elflint: Check symbol table data is big enough before checking.
Before checking symbol index zero we should make sure the data size
is big enough.
https://sourceware.org/bugzilla/show_bug.cgi?id=21310
Signed-off-by: Mark Wielaard <mark@klomp.org>
| -rw-r--r-- | src/ChangeLog | 4 | ||||
| -rw-r--r-- | src/elflint.c | 3 |
2 files changed, 6 insertions, 1 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index 41381aa0..6031213f 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2017-03-27 Mark Wielaard <mark@klomp.org> + + * elflint.c (check_symtab_shndx): Check data->d_size. + 2017-03-24 Mark Wielaard <mjw@redhat.com> * elfcmp.c (main): If n_namesz == 0 then the note name data is the diff --git a/src/elflint.c b/src/elflint.c index 66a13ca2..76fb1a0c 100644 --- a/src/elflint.c +++ b/src/elflint.c @@ -1959,7 +1959,8 @@ section [%2d] '%s': extended section index in section [%2zu] '%s' refers to same return; } - if (*((Elf32_Word *) data->d_buf) != 0) + if (data->d_size < sizeof (Elf32_Word) + || *((Elf32_Word *) data->d_buf) != 0) ERROR (gettext ("symbol 0 should have zero extended section index\n")); for (size_t cnt = 1; cnt < data->d_size / sizeof (Elf32_Word); ++cnt) |