Re: [patch] nlist(3): out of bounds read

2015-12-28 Thread Michael McConville
Serguey Parkhomovsky wrote:
> Ping? This is the same sanity check that's done in nm(1)'s ELF handling.

Makes sense to me. Tentative ok mmcc@

Alternatively, this check could be added to __elf_is_ok__, which is called right above where you added it. However, the definition of the function would

Re: [patch] nlist(3): out of bounds read

2015-12-28 Thread Michael McConville
Michael McConville wrote:
> Serguey Parkhomovsky wrote:
> > Ping? This is the same sanity check that's done in nm(1)'s ELF handling.
>
> Makes sense to me. Tentative ok mmcc@
>
> Alternatively, this check could be added to __elf_is_ok__, which is
> called right above where you added it. However,

Re: [patch] nlist(3): out of bounds read

2015-12-21 Thread Serguey Parkhomovsky
Ping? This is the same sanity check that's done in nm(1)'s ELF handling.

On Thu, Dec 10, 2015 at 09:40:11AM -0800, Serguey Parkhomovsky wrote:
> When dealing with a malformed ELF header, e_shentsize may be 0. This
> causes an out of bounds read while finding the symbol table on line 141.
>
>

[patch] nlist(3): out of bounds read

2015-12-10 Thread Serguey Parkhomovsky
When dealing with a malformed ELF header, e_shentsize may be 0. This causes an out of bounds read while finding the symbol table on line 141. Found using afl. Index: nlist.c === RCS file: /cvs/src/lib/libc/gen/nlist.c,v retrieving