author | Mark Wielaard <mark@klomp.org> | 2021-12-23 23:16:25 +0100 |
---|---|---|
committer | Mark Wielaard <mark@klomp.org> | 2022-01-04 00:36:49 +0100 |
commit | 1cf73965853037301a6099dea5368a1303cde2ba (patch) | |
tree | 7de7e275009a2fa2eb04b54712a6a807a4a76609 /libdwfl | |
parent | 4fdd85881c8acd06db737c45ea6aabc60aef3d4d (diff) | |
download | elfutils-1cf73965853037301a6099dea5368a1303cde2ba.tar.gz |
libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread

The callers of dwfl_elf_phdr_memory_callback assume at least minread
bytes are read and available. Make sure to check start is smaller than
elf->maximum_size before reading more. Return false if end - start is
smaller than minread.

Found by afl-fuzz.

Signed-off-by: Mark Wielaard <mark@klomp.org>

Diffstat (limited to 'libdwfl')
-rw-r--r-- | libdwfl/ChangeLog | 5 | ||||
-rw-r--r-- | libdwfl/core-file.c | 6 |
2 files changed, 10 insertions, 1 deletions
diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog index abd5c34a..49a35e41 100644 --- a/libdwfl/ChangeLog +++ b/libdwfl/ChangeLog @@ -1,3 +1,8 @@ +2021-12-23 Mark Wielaard <mark@klomp.org> + + * core-file.c (dwfl_elf_phdr_memory_callback): Check start < + elf->maximum_size and end - start < minread. + 2021-12-20 Mark Wielaard <mark@klomp.org> * dwfl_segment_report_module.c (dwfl_segment_report_module): Move diff --git a/libdwfl/core-file.c b/libdwfl/core-file.c index b04d1d18..cefc3db0 100644 --- a/libdwfl/core-file.c +++ b/libdwfl/core-file.c @@ -1,5 +1,6 @@ /* Core file handling. Copyright (C) 2008-2010, 2013, 2015 Red Hat, Inc. + Copyright (C) 2021 Mark J. Wielaard <mark@klomp.org> This file is part of elfutils. This file is free software; you can redistribute it and/or modify @@ -320,7 +321,7 @@ dwfl_elf_phdr_memory_callback (Dwfl *dwfl, int ndx, (void) more (*buffer_available); /* If it's already on hand anyway, use as much as there is. */ - if (elf->map_address != NULL) + if (elf->map_address != NULL && start < elf->maximum_size) (void) more (elf->maximum_size - start); /* Make sure we don't look past the end of the actual file, @@ -332,6 +333,9 @@ dwfl_elf_phdr_memory_callback (Dwfl *dwfl, int ndx, if (unlikely (start >= end)) return false; + if (end - start < minread) + return false; + if (elf->map_address != NULL) { void *contents = elf->map_address + elf->start_offset + start; |
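
Review bot: In the core-file.c hunk at -320, the new `start < elf->maximum_size` condition is not explained by the comment above it, which still only reads "If it's already on hand anyway, use as much as there is." The condition is what stops `elf->maximum_size - start` from being evaluated when start is at or beyond maximum_size, where the difference would no longer be a meaningful size to pass to more (). I would extend the comment to say so, so that a later cleanup does not drop the guard as redundant with the `elf->map_address != NULL` test.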
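
Review bot: In the core-file.c hunk at -332, the added `if (end - start < minread) return false;` carries no comment and, unlike the `if (unlikely (start >= end))` test directly above it, is not wrapped in `unlikely ()`. The placement is right, since the preceding check guarantees end > start before the subtraction, but a one-line comment stating that callers rely on at least minread bytes being available (as the commit message explains) would document the contract at the point it is enforced, and using `unlikely ()` would match the neighbouring error path. The diffstat shows only ChangeLog and core-file.c changing; as the message says this was found by afl-fuzz, consider adding a reduced reproducer as a test case so the short-read condition stays covered.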