diff options
author | Mark Wielaard <mark@klomp.org> | 2021-12-12 23:26:18 +0100 |
---|---|---|
committer | Mark Wielaard <mark@klomp.org> | 2021-12-12 23:26:18 +0100 |
commit | db862a11910a5d4c007c549c2b4ce4cad62f242b (patch) | |
tree | 26617b35eddb02757146ed8ede413cc2e936eaba /libdwfl/ChangeLog | |
parent | 80ea3cf328eb94fd78e494d0128561f53e20114d (diff) | |
download | elfutils-db862a11910a5d4c007c549c2b4ce4cad62f242b.tar.gz |
libdwfl: Don't allocate more than SIZE_MAX in dwfl_segment_report_module.
The code in dwfl_segment_report_module tries to allocate and fill in
memory as described in a core file. Normally all memory in filled in
through the (phdrs) memory_callback or the read_eagerly callback. If
the last callback doesn't work we try to calloc file_trimmed_end bytes
and then try to fill in the parts of memory we can from the core file
at the correct offsets.
file_trimmed_end is a GElf_Off which is an unsigned 64bit type. On
32bit systems this means when cast to a size_t to do an allocation
might allocate truncated (much smaller) value. So make sure to not
allocate more than SIZE_MAX bytes.
It would be nice to have a better way to limit the amount of memory
allocated here. A core file might describe really big memory areas for
which it doesn't provide any data. In that case we really shouldn't
calloc mega- or giga-bytes of zeroed out memory.
Reported-by: Evgeny Vereshchagin <evvers@ya.ru>
Signed-off-by: Mark Wielaard <mark@klomp.org>
Diffstat (limited to 'libdwfl/ChangeLog')
-rw-r--r-- | libdwfl/ChangeLog | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog index 856bd335..aaea164c 100644 --- a/libdwfl/ChangeLog +++ b/libdwfl/ChangeLog @@ -1,3 +1,8 @@ +2021-12-12 Mark Wielaard <mark@klomp.org> + + * dwfl_segment_report_module.c (dwfl_segment_report_module): Don't + allocate more than SIZE_MAX. + 2021-12-09 Mark Wielaard <mark@klomp.org> * link_map.c (dwfl_link_map_report): Limit dyn_filesz malloc size |