diff options
| author | Mark Wielaard <[email protected]> | 2014-11-30 21:03:57 +0100 |
|---|---|---|
| committer | Mark Wielaard <[email protected]> | 2014-12-04 14:47:43 +0100 |
| commit | 0ed4f98a89fd465c25eb8ac2ef75c10a82f9c5e0 (patch) | |
| tree | 32a8c3f4277bd1e94c74de143c4584b3707f8cbc /src/readelf.c | |
| parent | 99581b6c837cc3fccb75fa75c4caeac8c5c3ec5b (diff) | |
readelf: Fix overflow check in handle_sysv_hash64.
Since all values are 64bit, not 32bit as in other hashes, we need to
explicitly check for overflow.
Signed-off-by: Mark Wielaard <[email protected]>
Diffstat (limited to 'src/readelf.c')
| -rw-r--r-- | src/readelf.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/readelf.c b/src/readelf.c index 69ae5d0d..89b17547 100644 --- a/src/readelf.c +++ b/src/readelf.c @@ -3055,8 +3055,10 @@ handle_sysv_hash64 (Ebl *ebl, Elf_Scn *scn, GElf_Shdr *shdr, size_t shstrndx) Elf64_Xword nbucket = ((Elf64_Xword *) data->d_buf)[0]; Elf64_Xword nchain = ((Elf64_Xword *) data->d_buf)[1]; - uint64_t used_buf = (2ULL + nchain + nbucket) * sizeof (Elf64_Xword); - if (used_buf > data->d_size) + uint64_t maxwords = data->d_size / sizeof (Elf64_Xword); + if (maxwords < 2 + || maxwords - 2 < nbucket + || maxwords - 2 - nbucket < nchain) goto invalid_data; Elf64_Xword *bucket = &((Elf64_Xword *) data->d_buf)[2]; |