On 32bit using int might overflow. https://bugzilla.redhat.com/show_bug.cgi?id=1170810#c31
Signed-off-by: Mark Wielaard <[email protected]>
---
 src/ChangeLog | 2 ++
 src/elflint.c | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index 486f20f..93f4aba 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -2,6 +2,8 @@
 * elflint.c (check_gnu_hash): Return early when 2nd hash function shift too big.
+ (check_verdef): Use Elf64_Word for shdr->sh_info cnt.
+ (check_verneed): Likewise.
 2015-05-05 Mark Wielaard <[email protected]>
diff --git a/src/elflint.c b/src/elflint.c
index 3abda71..4e53646 100644
--- a/src/elflint.c
+++ b/src/elflint.c
@@ -3037,8 +3037,10 @@ section [%2d] '%s': sh_link does not link to string table\n"),
 return;
 }
 unsigned int offset = 0;
- for (int cnt = shdr->sh_info; --cnt >= 0; )
+ for (Elf64_Word cnt = shdr->sh_info; cnt > 0; )
 {
+ cnt--;
+
 /* Get the data at the next offset. */
 GElf_Verneed needmem;
 GElf_Verneed *need = gelf_getverneed (data, offset, &needmem);
@@ -3196,8 +3198,10 @@ section [%2d] '%s': sh_link does not link to string table\n"),
 bool has_base = false;
 unsigned int offset = 0;
- for (int cnt = shdr->sh_info; --cnt >= 0; )
+ for (Elf64_Word cnt = shdr->sh_info; cnt > 0; )
 {
+ cnt--;
+
 /* Get the data at the next offset. */
 GElf_Verdef defmem;
 GElf_Verdef *def = gelf_getverdef (data, offset, &defmem);
--
2.1.0
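Review bot: The `GElf_Verneed` loop now iterates up to the full 32-bit `shdr->sh_info` taken from the file, and nothing visible in this hunk bounds that count against the size of `data`; the `GElf_Verdef` loop in the second elflint.c hunk has the same shape. Before this change a value above INT_MAX made `cnt` negative and skipped the loop entirely, so a section header claiming a very large count reaches the body for the first time. The loop body continues outside the hunk and may already stop when `gelf_getverneed` returns NULL; if it does not, a guard ahead of the loop such as `if (shdr->sh_info > data->d_size / sizeof (GElf_Verneed))` that reports an error and returns would bound the work. A short comment on `cnt--;` would also help the next reader, e.g. `/* cnt is unsigned; decrement here instead of testing --cnt >= 0.  */`.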
