libelf test for section size in wrong place
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
elfutils (Ubuntu) | New | Undecided | Unassigned | | |
Bug Description
It seems to me that the test for an invalid section size
wants to be moved up from the map case to cover both the read and the map
case, to guard against a bogus section size for both cases,
rather than relying on a malloc failure to catch a
completely bogus section size,
thus allowing a more accurate error indication.
From elfutils_
elfutils-
--- elf_getdata.c.orig 2017-05-23 10:56:05.547607473 -0700
+++ elf_getdata.c 2017-05-23 11:08:27.459670572 -0700
@@ -292,21 +292,20 @@
__libelf_
return 1;
}
+ /* First see whether the information in the section header is
+ valid and it does not ask for too much. Check for unsigned
+ overflow. */
+ if (unlikely (offset > elf->maximum_size
+ || elf->maximum_size - offset < size))
+ {
+ /* Something is wrong. */
+ __libelf_seterrno (ELF_E_
+ return 1;
+ }
/* We can use the mapped or loaded data if available. */
if (elf->map_address != NULL)
{
- /* First see whether the information in the section header is
- valid and it does not ask for too much. Check for unsigned
- overflow. */
- if (unlikely (offset > elf->maximum_size
- || elf->maximum_size - offset < size))
- {
- /* Something is wrong. */
- __libelf_seterrno (ELF_E_
- return 1;
- }
-
scn-
= (char *) elf->map_address + elf->start_offset + offset;
}
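Review bot: the hoisted check now also runs when elf->map_address is NULL, so it depends on elf->maximum_size holding a meaningful bound for a file that is read rather than mapped, and nothing in this hunk shows that. Please confirm it, and say so in the comment above the check, since the point of the move is that the read path stops relying on a malloc failure. The order of the two conditions should stay as it is: testing offset > elf->maximum_size first is what keeps elf->maximum_size - offset from wrapping. A test that opens a file whose section header claims an oversized section through the read path would show the new error is reported there. Style: the new block's closing brace runs straight into the "We can use the mapped or loaded data" comment, and the preceding closing brace runs straight into the new comment; add a blank line on each side, as the removed block had after it.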