In mixed core notes, don't let handle_core_item repeat.

If a core note contains both registers and items, descsz is 0 to express that we don't wish to repeat the items. If there is only one item in such note, a special block of code hits that passes &size to handle_core_item, which will decrease that size by the amount consumed by the item. But because size is 0, it underflows and wraps, and the loop following this block, which handles the common case, overruns the core note buffer. Signed-off-by: Petr Machata <[email protected]>
author: Petr Machata <[email protected]> 2012-09-19 16:52:07 +0200
committer: Petr Machata <[email protected]> 2012-09-25 01:37:29 +0200
commit: 70f5da6cd480615718665e18f6d55c6d1caab1d5 (patch)
tree: 6ea65c77e573c3d1c22d4474cce0485672beac3c /src/readelf.c
parent: 4a97fd95996d54c1b39c0ab56ecfa8b1dcaeb615 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/src/readelf.c b/src/readelf.c
index 2954e742..5d167ebc 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -7699,7 +7699,11 @@ handle_core_items (Elf *core, const void *desc, size_t descsz,
   if (nitems == 1)
     {
       size_t size = descsz;
-      colno = handle_core_item (core, sorted_items[0], desc, colno, &size);
+      /* If this note contains registers as well as items, don't pass
+	 &size to express that we don't wish to repeat.  */
+      colno = handle_core_item (core, sorted_items[0], desc, colno,
+				size != 0 ? &size : NULL);
+
       if (size == 0)
 	return colno;
       desc += descsz - size;
author	Petr Machata <[email protected]>	2012-09-19 16:52:07 +0200
committer	Petr Machata <[email protected]>	2012-09-25 01:37:29 +0200
commit	70f5da6cd480615718665e18f6d55c6d1caab1d5 (patch)
tree	6ea65c77e573c3d1c22d4474cce0485672beac3c /src/readelf.c
parent	4a97fd95996d54c1b39c0ab56ecfa8b1dcaeb615 (diff)