libelf: Check index_size doesn't overflow in elf_getarsym.

Signed-off-by: Mark Wielaard <[email protected]>
author: Mark Wielaard <[email protected]> 2014-12-16 19:43:21 +0100
committer: Mark Wielaard <[email protected]> 2014-12-17 16:49:02 +0100
commit: 4bb122a87608a1e0f7c27341fe1b3cd05c1462be (patch)
tree: ef14682617a1d2dd0b5fdd545e603d91a6b7d9b6 /libelf/elf_getarsym.c
parent: 7f9ea70d2be1d8c43eeff24b7efaf933c865fd0d (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/libelf/elf_getarsym.c b/libelf/elf_getarsym.c
index ba88aa0a..40633aa8 100644
--- a/libelf/elf_getarsym.c
+++ b/libelf/elf_getarsym.c
@@ -182,7 +182,8 @@ elf_getarsym (elf, ptr)
       tmpbuf[10] = '\0';
       size_t index_size = atol (tmpbuf);
 
-      if (SARMAG + sizeof (struct ar_hdr) + index_size > elf->maximum_size
+      if (index_size > elf->maximum_size
+	  || elf->maximum_size - index_size < SARMAG + sizeof (struct ar_hdr)
 #if SIZE_MAX <= 4294967295U
 	  || n >= SIZE_MAX / sizeof (Elf_Arsym)
 #endif
author	Mark Wielaard <[email protected]>	2014-12-16 19:43:21 +0100
committer	Mark Wielaard <[email protected]>	2014-12-17 16:49:02 +0100
commit	4bb122a87608a1e0f7c27341fe1b3cd05c1462be (patch)
tree	ef14682617a1d2dd0b5fdd545e603d91a6b7d9b6 /libelf/elf_getarsym.c
parent	7f9ea70d2be1d8c43eeff24b7efaf933c865fd0d (diff)