author | Mark Wielaard <mjw@redhat.com> | 2015-06-04 13:51:27 +0200 |
---|---|---|
committer | Mark Wielaard <mjw@redhat.com> | 2015-06-08 11:12:38 +0200 |
commit | 560aa98b9aaa89ce345239de865eda0ba403af68 (patch) | |
tree | d139b7f70b782c059a6a50d6e87854d001745a88 /libelf/elf_begin.c | |
parent | b9fd0eee50b028e4752595a8cc293bf2c331b1b9 (diff) | |
download | elfutils-560aa98b9aaa89ce345239de865eda0ba403af68.tar.gz |
libelf: Check e_shoff alignment before direct access of Elf(32|64)_Shdr.
In get_shnum the check was whether the Elf(32|64)_Ehdr was correctly
aligned, but to access the Shdr directly we need to check whether the
address that points to the Elf(32|64)_Shdr structure is correctly aligned.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
Diffstat (limited to 'libelf/elf_begin.c')
-rw-r--r-- | libelf/elf_begin.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
index e2e3b6b4..f002ebf0 100644
--- a/libelf/elf_begin.c
+++ b/libelf/elf_begin.c
@@ -151,8 +151,8 @@ get_shnum (void *map_address, unsigned char *e_ident, int fildes, off_t offset,
 if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA && (ALLOW_UNALIGNED
- || (((size_t) ((char *) map_address + offset))
- & (__alignof__ (Elf32_Ehdr) - 1)) == 0))
+ || (((size_t) ((char *) map_address + ehdr.e32->e_shoff))
+ & (__alignof__ (Elf32_Shdr) - 1)) == 0))
 /* We can directly access the memory. */
 result = ((Elf32_Shdr *) ((char *) map_address + ehdr.e32->e_shoff + offset))->sh_size;
@@ -201,8 +201,8 @@ get_shnum (void *map_address, unsigned char *e_ident, int fildes, off_t offset,
 Elf64_Xword size;
 if (likely (map_address != NULL) && e_ident[EI_DATA] == MY_ELFDATA && (ALLOW_UNALIGNED
- || (((size_t) ((char *) map_address + offset))
- & (__alignof__ (Elf64_Ehdr) - 1)) == 0))
+ || (((size_t) ((char *) map_address + ehdr.e64->e_shoff))
+ & (__alignof__ (Elf64_Shdr) - 1)) == 0))
 /* We can directly access the memory. */
 size = ((Elf64_Shdr *) ((char *) map_address + ehdr.e64->e_shoff + offset))->sh_size; |
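Review bot: The new alignment test in the Elf32 hunk checks `map_address + ehdr.e32->e_shoff`, but the load just below it reads from `map_address + ehdr.e32->e_shoff + offset`, so the address that is tested is not the address that is dereferenced. If `offset` is non-zero and not a multiple of `__alignof__ (Elf32_Shdr)` (presumably possible when the ELF image sits at an arbitrary position inside a larger file), the check can pass while the `sh_size` access is still misaligned; where ALLOW_UNALIGNED is 0 that is undefined behaviour and may fault on a crafted input file. I would test the full expression, `|| (((size_t) ((char *) map_address + ehdr.e32->e_shoff + offset))`, and make the same change in the Elf64 hunk with `ehdr.e64->e_shoff`. get_shnum starts and ends outside both hunks, so whether `e_shoff` plus `offset` is bounds-checked against the mapping before this point cannot be seen here and is worth confirming.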