Fix possible crash in note conversion.

author: Roland McGrath <[email protected]> 2009-01-05 00:10:11 -0800
committer: Roland McGrath <[email protected]> 2009-01-21 15:55:52 -0800
commit: 2fe76eae69157303b1458c17cf15c33ab385c49a (patch)
tree: 46ba19578e350a44fe586ef92f4cd81b374208e7 /libelf
parent: 07ba31fc8249d8d0ff77b11e8ffc2df7fa775123 (diff)
2 files changed, 7 insertions, 2 deletions
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 38d352de..56e0aa05 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,8 @@
+2009-01-04  Roland McGrath  <[email protected]>
+
+	* note_xlate.h (elf_cvt_note): Don't examine a size too small to
+	container a note header.
+
 2009-01-21  Ulrich Drepper  <[email protected]>
 
 	* elf32_updatefile.c (elfXX_updatemmap): When skipping non-NOBITS
diff --git a/libelf/note_xlate.h b/libelf/note_xlate.h
index 6e8b78c6..a72fe868 100644
--- a/libelf/note_xlate.h
+++ b/libelf/note_xlate.h
@@ -1,5 +1,5 @@
 /* Conversion functions for notes.
-   Copyright (C) 2007 Red Hat, Inc.
+   Copyright (C) 2007, 2009 Red Hat, Inc.
    This file is part of Red Hat elfutils.
 
    Red Hat elfutils is free software; you can redistribute it and/or modify
@@ -52,7 +52,7 @@ elf_cvt_note (void *dest, const void *src, size_t len, int encode)
 {
   assert (sizeof (Elf32_Nhdr) == sizeof (Elf64_Nhdr));
 
-  while (len > 0)
+  while (len >= sizeof (Elf32_Nhdr))
     {
       (1 ? Elf32_cvt_Nhdr : Elf64_cvt_Nhdr) (dest, src, sizeof (Elf32_Nhdr),
 					     encode);
author	Roland McGrath <[email protected]>	2009-01-05 00:10:11 -0800
committer	Roland McGrath <[email protected]>	2009-01-21 15:55:52 -0800
commit	2fe76eae69157303b1458c17cf15c33ab385c49a (patch)
tree	46ba19578e350a44fe586ef92f4cd81b374208e7 /libelf
parent	07ba31fc8249d8d0ff77b11e8ffc2df7fa775123 (diff)