diff options
| author | Mark Wielaard <mjw@redhat.com> | 2014-12-26 22:57:00 +0100 |
|---|---|---|
| committer | Mark Wielaard <mjw@redhat.com> | 2015-01-12 22:11:17 +0100 |
| commit | 555fdae16cea49d0540858b3acb3d2f3e63c123c (patch) | |
| tree | 0838c06ae28dcaf2422c83dfc36d09f728739290 | |
| parent | 309e712fea93473ac9b1aa361456fce8d3867baa (diff) | |
| download | android_external_elfutils-555fdae16cea49d0540858b3acb3d2f3e63c123c.tar.gz android_external_elfutils-555fdae16cea49d0540858b3acb3d2f3e63c123c.tar.bz2 android_external_elfutils-555fdae16cea49d0540858b3acb3d2f3e63c123c.zip | |
strings: Produce error when section data falls outside file.
https://bugzilla.redhat.com/show_bug.cgi?id=1170810
Reported-by: Alexander Cherepanov <cherepan@mccme.ru>
Signed-off-by: Mark Wielaard <mjw@redhat.com>
| -rw-r--r-- | src/ChangeLog | 5 | ||||
| -rw-r--r-- | src/strings.c | 17 |
2 files changed, 20 insertions, 2 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index 904b3c99..66d62705 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,10 @@ 2014-12-26 Mark Wielaard <mjw@redhat.com> + * strings.c (read_elf): Produce error when section data falls outside + file. + +2014-12-26 Mark Wielaard <mjw@redhat.com> + * nm.c (show_symbols): Guard against divide by zero in error check. Add section index number in error message. diff --git a/src/strings.c b/src/strings.c index f60e4b4d..b2bce7b4 100644 --- a/src/strings.c +++ b/src/strings.c @@ -725,8 +725,21 @@ read_elf (Elf *elf, int fd, const char *fname, off64_t fdlen) actually have content. */ if (shdr != NULL && shdr->sh_type != SHT_NOBITS && (shdr->sh_flags & SHF_ALLOC) != 0) - result |= read_block (fd, fname, fdlen, shdr->sh_offset, - shdr->sh_offset + shdr->sh_size); + { + if (shdr->sh_offset > (Elf64_Off) fdlen + || fdlen - shdr->sh_offset < shdr->sh_size) + { + size_t strndx = 0; + elf_getshdrstrndx (elf, &strndx); + error (0, 0, + gettext ("Skipping section %zd '%s' data outside file"), + elf_ndxscn (scn), elf_strptr (elf, strndx, shdr->sh_name)); + result = 1; + } + else + result |= read_block (fd, fname, fdlen, shdr->sh_offset, + shdr->sh_offset + shdr->sh_size); + } } while ((scn = elf_nextscn (elf, scn)) != NULL); |