Signed-off-by: Mark Wielaard <m...@redhat.com> --- libelf/ChangeLog | 4 ++++ libelf/elf_getarsym.c | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 7406509..fe210ab 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,5 +1,9 @@
 2014-12-15 Mark Wielaard <m...@redhat.com>
+ * elf_getarsym.c (elf_getarsym): Check index_size doesn't overflow.
+
+2014-12-15 Mark Wielaard <m...@redhat.com>
+
 * elf_begin.c (read_long_names): Clear any garbage left in the name table.
diff --git a/libelf/elf_getarsym.c b/libelf/elf_getarsym.c
index ba88aa0..40633aa 100644
--- a/libelf/elf_getarsym.c
+++ b/libelf/elf_getarsym.c
@@ -182,7 +182,8 @@ elf_getarsym (elf, ptr)
 tmpbuf[10] = '\0';
 size_t index_size = atol (tmpbuf);
- if (SARMAG + sizeof (struct ar_hdr) + index_size > elf->maximum_size
+ if (index_size > elf->maximum_size
+ || elf->maximum_size - index_size < SARMAG + sizeof (struct ar_hdr)
 #if SIZE_MAX <= 4294967295U
 || n >= SIZE_MAX / sizeof (Elf_Arsym)
 #endif
-- 1.8.3.1
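Review bot: `index_size` is still parsed with `atol (tmpbuf)` on the context line just above the rewritten condition in libelf/elf_getarsym.c, so the new bound is applied to a value whose parse was never validated: `atol` yields 0 for a non-numeric field without reporting it, and a 10-digit field can exceed a 32-bit `long`, which is undefined behaviour for `atol`. Consider `errno = 0; unsigned long v = strtoul (tmpbuf, &endp, 10);` and taking the same failure path as the size check when `endp == tmpbuf || errno == ERANGE`; trailing padding after the digits presumably has to be tolerated, since the code that fills `tmpbuf` is outside the hunk. A short comment on the new condition, e.g. `/* Compare by subtraction so the sum cannot wrap for a huge index_size.  */`, would also keep a later cleanup from folding it back into the addition. The `if` statement and the rest of elf_getarsym continue outside the hunk.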