32bit ELF can only represent up to UINT32_MAX bytes in d_size. Sanity
check that the uncompressed size isn't bigger so we don't silently
truncate it.
* libelf/elf_compress_gnu.c (elf_compress_gnu): Check gsize
fits UINT32_MAX for ELFCLASS32.
Signed-off-by: Mark Wielaard <[email protected]>
---
libelf/elf_compress_gnu.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libelf/elf_compress_gnu.c b/libelf/elf_compress_gnu.c
index 006e2ae4126d..a9fff07edc2d 100644
--- a/libelf/elf_compress_gnu.c
+++ b/libelf/elf_compress_gnu.c
@@ -168,8 +168,11 @@ elf_compress_gnu (Elf_Scn *scn, int inflate, unsigned int
flags)
/* One more sanity check, size should be bigger than original
data size plus some overhead (4 chars ZLIB + 8 bytes size + 6
bytes zlib stream overhead + 5 bytes overhead max for one 16K
- block) and should fit into a size_t. */
- if (gsize + 4 + 8 + 6 + 5 < data->d_size || gsize > SIZE_MAX)
+ block) and should fit into a size_t (or in UINT32_MAX for
+ 32bit ELF). */
+ if (gsize + 4 + 8 + 6 + 5 < data->d_size
+ || gsize > SIZE_MAX
+ || (elfclass == ELFCLASS32 && gsize > UINT32_MAX))
{
__libelf_seterrno (ELF_E_NOT_COMPRESSED);
return -1;
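Review bot: The updated comment says the size should fit "into a size_t (or in UINT32_MAX for 32bit ELF)", but the condition below it enforces both limits for ELFCLASS32, so "and, for 32bit ELF, also in UINT32_MAX" would describe the check accurately. The new ELFCLASS32 branch also reuses ELF_E_NOT_COMPRESSED, which tells the caller the section is not compressed when the actual problem is that the declared uncompressed size cannot be represented in a 32-bit size field; a more specific error, or a line in the comment explaining why this code is reused, would help anyone debugging a rejected section. Finally, elfclass is not declared anywhere in the visible context, so please confirm it is already set from the Elf handle before this point in the function.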
--
2.53.0