-rw-r--r--libelf/ChangeLog6
-rw-r--r--libelf/elf_begin.c22
2 files changed, 20 insertions, 8 deletions
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 303975b3..38142087 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,3 +1,9 @@
+2010-02-17 Roland McGrath <[email protected]>
+
+ * elf_begin.c (file_read_elf): Leave section rawdata_base and
+ data_base pointers null when [sh_offset,sh_size) points outside
+ the mapped file.
+
2010-02-15 Roland McGrath <[email protected]>
* Makefile.am: Use config/eu.am for common stuff.
diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c
index 896d86b6..0b9583b2 100644
--- a/libelf/elf_begin.c
+++ b/libelf/elf_begin.c
@@ -338,10 +338,13 @@ file_read_elf (int fildes, void *map_address, unsigned char *e_ident,
elf->state.elf32.scns.data[cnt].elf = elf;
elf->state.elf32.scns.data[cnt].shdr.e32 =
&elf->state.elf32.shdr[cnt];
- elf->state.elf32.scns.data[cnt].rawdata_base =
- elf->state.elf32.scns.data[cnt].data_base =
- ((char *) map_address + offset
- + elf->state.elf32.shdr[cnt].sh_offset);
+ if (likely (elf->state.elf32.shdr[cnt].sh_offset < maxsize)
+ && likely (maxsize - elf->state.elf32.shdr[cnt].sh_offset
+ <= elf->state.elf32.shdr[cnt].sh_size))
+ elf->state.elf32.scns.data[cnt].rawdata_base =
+ elf->state.elf32.scns.data[cnt].data_base =
+ ((char *) map_address + offset
+ + elf->state.elf32.shdr[cnt].sh_offset);
elf->state.elf32.scns.data[cnt].list = &elf->state.elf32.scns;
/* If this is a section with an extended index add a
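Review bot: The second comparison in the new guard looks reversed. As written, `maxsize - sh_offset <= sh_size` holds when the section's size reaches or exceeds the bytes left after sh_offset (assuming maxsize is the length of the mapped file), so rawdata_base and data_base are set for exactly the sections that run to or past the end of the map and stay null for sections that fit inside it, which is the opposite of what the ChangeLog entry describes. The operands should be swapped to `&& likely (elf->state.elf32.shdr[cnt].sh_size <= maxsize - elf->state.elf32.shdr[cnt].sh_offset))`, keeping the subtraction form so the check cannot wrap on a crafted sh_offset + sh_size. The elf64 hunk at -423 carries the same reversed test and needs the same swap. A short comment above the `if` saying that a null rawdata_base marks a section header pointing outside the file would also help, since later readers of these fields presumably have to handle null; the body of file_read_elf continues outside this hunk.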
@@ -423,10 +426,13 @@ file_read_elf (int fildes, void *map_address, unsigned char *e_ident,
elf->state.elf64.scns.data[cnt].elf = elf;
elf->state.elf64.scns.data[cnt].shdr.e64 =
&elf->state.elf64.shdr[cnt];
- elf->state.elf64.scns.data[cnt].rawdata_base =
- elf->state.elf64.scns.data[cnt].data_base =
- ((char *) map_address + offset
- + elf->state.elf64.shdr[cnt].sh_offset);
+ if (likely (elf->state.elf64.shdr[cnt].sh_offset < maxsize)
+ && likely (maxsize - elf->state.elf64.shdr[cnt].sh_offset
+ <= elf->state.elf64.shdr[cnt].sh_size))
+ elf->state.elf64.scns.data[cnt].rawdata_base =
+ elf->state.elf64.scns.data[cnt].data_base =
+ ((char *) map_address + offset
+ + elf->state.elf64.shdr[cnt].sh_offset);
elf->state.elf64.scns.data[cnt].list = &elf->state.elf64.scns;
/* If this is a section with an extended index add a