authorMark Wielaard <mjw@redhat.com>2015-05-31 15:58:20 +0200
committerMark Wielaard <mjw@redhat.com>2015-06-05 14:48:55 +0200
commitf78e8640475ac1ea0b29bff79fbc77c0dfa47657 (patch)
treefe8561995d13cfd9d0bfa070344fc0b762087e77
parent0d528f9ceff2b96c521cefd75fc62d7151e3e6b1 (diff)
libelf: Fix unbounded stack usage in elf_getarsym for !ALLOW_UNALIGNED case.
The number of entries in the index can be large, don't use alloca to read in temporary data, use malloc (which is freed after out). Signed-off-by: Mark Wielaard <mjw@redhat.com>
-rw-r--r--libelf/ChangeLog5
-rw-r--r--libelf/elf_getarsym.c10
2 files changed, 14 insertions, 1 deletions
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index b749c085..4fd3f9f5 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2015-05-31 Mark Wielaard <mjw@redhat.com>
+
+ * elf_getarsym.c (elf_getarsym): Allocate temporary file_date with
+ malloc, not alloca also in !ALLOW_UNALIGNED case.
+
2015-05-30 Mark Wielaard <mjw@redhat.com>
* gelf_xlate.c (elf_cvt_Byte): Only call memmove with non-zero size.
diff --git a/libelf/elf_getarsym.c b/libelf/elf_getarsym.c
index 4f2080a8..83242441 100644
--- a/libelf/elf_getarsym.c
+++ b/libelf/elf_getarsym.c
@@ -255,7 +255,15 @@ elf_getarsym (elf, ptr)
file_data = (void *) (elf->map_address + off);
if (!ALLOW_UNALIGNED
&& ((uintptr_t) file_data & -(uintptr_t) n) != 0)
- file_data = memcpy (alloca (sz), elf->map_address + off, sz);
+ {
+ temp_data = malloc (sz);
+ if (unlikely (temp_data == NULL))
+ {
+ __libelf_seterrno (ELF_E_NOMEM);
+ goto out;
+ }
+ file_data = memcpy (temp_data, elf->map_address + off, sz);
+ }
str_data = (char *) (elf->map_address + off + sz);
}
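Review bot: `sz` sizes both the `malloc` and the `memcpy` read from `elf->map_address + off`, and nothing in this hunk shows it being bounded against the mapped archive size. The commit message notes the index entry count can be large, and it is taken from the file, so if no earlier check exists the copy could read past the mapping even though the stack is no longer at risk. Presumably the validation sits earlier in elf_getarsym, whose body starts and ends outside the hunk; a short comment would make that dependency explicit, e.g. `/* sz was validated against the archive size above; temp_data is freed at out. */`. It is also worth confirming that the new `goto out` path leaves no partially initialised index state behind that a later call could return.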