Diffstat (limited to 'libelf/elf_getshdrstrndx.c')
| -rw-r--r-- | libelf/elf_getshdrstrndx.c | 42 |
1 files changed, 36 insertions, 6 deletions
diff --git a/libelf/elf_getshdrstrndx.c b/libelf/elf_getshdrstrndx.c
index 57ad8005..5ba14e15 100644
--- a/libelf/elf_getshdrstrndx.c
+++ b/libelf/elf_getshdrstrndx.c
@@ -104,10 +104,25 @@ elf_getshdrstrndx (elf, dst)
 if (elf->map_address != NULL
 && elf->state.elf32.ehdr->e_ident[EI_DATA] == MY_ELFDATA
 && (ALLOW_UNALIGNED
- || (((size_t) ((char *) elf->map_address + offset))
+ || (((size_t) ((char *) elf->map_address
+ + elf->start_offset + offset))
 & (__alignof__ (Elf32_Shdr) - 1)) == 0))
- /* We can directly access the memory. */
- num = ((Elf32_Shdr *) (elf->map_address + offset))->sh_link;
+ {
+ /* First see whether the information in the ELF header is
+ valid and it does not ask for too much. */
+ if (unlikely (elf->maximum_size - offset
+ < sizeof (Elf32_Shdr)))
+ {
+ /* Something is wrong. */
+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
+ result = -1;
+ goto out;
+ }
+
+ /* We can directly access the memory. */
+ num = ((Elf32_Shdr *) (elf->map_address + elf->start_offset
+ + offset))->sh_link;
+ }
 else
 {
 /* We avoid reading in all the section headers. Just read
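Review bot: The new bounds check `elf->maximum_size - offset < sizeof (Elf32_Shdr)` does not reject an `offset` that is larger than `elf->maximum_size`. If both are unsigned (their declarations are outside the hunk), the subtraction wraps to a very large value, the test is false, and the direct `->sh_link` load reads outside the mapping. Since `offset` is taken from the file's ELF header, as the added comment says, I would test the ordering first: `if (unlikely (offset > elf->maximum_size || elf->maximum_size - offset < sizeof (Elf32_Shdr)))`. The Elf64 branch in the next hunk carries the same check and needs the same guard; the function body continues outside both hunks.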
@@ -142,10 +157,25 @@ elf_getshdrstrndx (elf, dst)
 if (elf->map_address != NULL
 && elf->state.elf64.ehdr->e_ident[EI_DATA] == MY_ELFDATA
 && (ALLOW_UNALIGNED
- || (((size_t) ((char *) elf->map_address + offset))
+ || (((size_t) ((char *) elf->map_address
+ + elf->start_offset + offset))
 & (__alignof__ (Elf64_Shdr) - 1)) == 0))
- /* We can directly access the memory. */
- num = ((Elf64_Shdr *) (elf->map_address + offset))->sh_link;
+ {
+ /* First see whether the information in the ELF header is
+ valid and it does not ask for too much. */
+ if (unlikely (elf->maximum_size - offset
+ < sizeof (Elf64_Shdr)))
+ {
+ /* Something is wrong. */
+ __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
+ result = -1;
+ goto out;
+ }
+
+ /* We can directly access the memory. */
+ num = ((Elf64_Shdr *) (elf->map_address + elf->start_offset
+ + offset))->sh_link;
+ }
 else
 {
 /* We avoid reading in all the section headers. Just read |
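Review bot: The alignment test and the load compute the section-header address in two different ways: the test casts `elf->map_address` to `char *` before adding `elf->start_offset + offset`, while the `num = ...` line adds to `elf->map_address` directly. If `map_address` is a `void *` (its declaration is outside the hunk), the second form relies on the GNU void-pointer arithmetic extension. It also makes it harder to see that both expressions name the same address. I would write the load with the same cast, `num = ((Elf64_Shdr *) ((char *) elf->map_address + elf->start_offset + offset))->sh_link;`, and do the same in the Elf32 hunk above.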
