diff options
author | Mark Wielaard <mjw@redhat.com> | 2016-03-21 16:01:02 +0100 |
---|---|---|
committer | Mark Wielaard <mjw@redhat.com> | 2016-03-21 16:09:42 +0100 |
commit | 911f11a0054264ffbfae8f8e400aea52b8d1d620 (patch) | |
tree | 86e61d9eceea33a1e6bbf83a05b23a92a3c5f5ad /src/nm.c | |
parent | 9ba245842af829bf4f3530747037993d5bc8b16a (diff) | |
download | elfutils-911f11a0054264ffbfae8f8e400aea52b8d1d620.tar.gz |
nm: Check for malloc size argument overflow in show_symbols.
Reported-by: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
Diffstat (limited to 'src/nm.c')
-rw-r--r-- | src/nm.c | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -1311,6 +1311,11 @@ show_symbols (int fd, Ebl *ebl, GElf_Ehdr *ehdr, XXX We can use a dirty trick here. Since GElf_Sym == Elf64_Sym we can use the data memory instead of copying again if what we read is a 64 bit file. */ + if (nentries > SIZE_MAX / sizeof (GElf_SymX)) + error (EXIT_FAILURE, 0, + gettext ("%s: entries (%zd) in section %zd `%s' is too large"), + fullname, nentries, elf_ndxscn (scn), + elf_strptr (ebl->elf, shstrndx, shdr->sh_name)); GElf_SymX *sym_mem; if (nentries * sizeof (GElf_SymX) < MAX_STACK_ALLOC) sym_mem = (GElf_SymX *) alloca (nentries * sizeof (GElf_SymX)); |