5535 libelf should check for e_phoff overflow
*** 312,322 ****
fsz *= eh->e_phnum;
ELFACCESSDATA(work, _elf_work)
msz = _elf_msize(ELF_T_PHDR, work) * eh->e_phnum;
if ((eh->e_phoff == 0) ||
! ((fsz + eh->e_phoff) > elf->ed_fsz)) {
_elf_seterr(EFMT_PHTAB, 0);
return (-1);
}
if (inplace && fsz >= msz && eh->e_phoff % sizeof (ElfField) == 0) {
--- 312,323 ----
fsz *= eh->e_phnum;
ELFACCESSDATA(work, _elf_work)
msz = _elf_msize(ELF_T_PHDR, work) * eh->e_phnum;
if ((eh->e_phoff == 0) ||
! (elf->ed_fsz <= eh->e_phoff) ||
! (elf->ed_fsz - eh->e_phoff < fsz)) {
_elf_seterr(EFMT_PHTAB, 0);
return (-1);
}
if (inplace && fsz >= msz && eh->e_phoff % sizeof (ElfField) == 0) {
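Review bot: The new bound `elf->ed_fsz - eh->e_phoff < fsz` is only safe because the `elf->ed_fsz <= eh->e_phoff` test before it short-circuits, and nothing at the condition records that ordering or why the sum form was dropped. A comment above the `if` would stop a later cleanup from reordering the tests or folding them back into `fsz + eh->e_phoff`, for example `/* e_phoff comes from the file: compare by subtraction, since fsz + e_phoff can wrap; the <= test must stay first so the subtraction cannot underflow. */`. Separately, `fsz *= eh->e_phnum` and the `msz` product are computed before this guard and are not range-checked in the hunk. Whether they can wrap depends on the widths of `e_phnum` and the per-entry sizes, which are not visible here, so that is worth confirming. The enclosing function starts and ends outside the hunk.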