5535 libelf should check for e_phoff overflow

@@ -312,11 +312,12 @@
 
         fsz *= eh->e_phnum;
         ELFACCESSDATA(work, _elf_work)
         msz = _elf_msize(ELF_T_PHDR, work) * eh->e_phnum;
         if ((eh->e_phoff == 0) ||
-            ((fsz + eh->e_phoff) > elf->ed_fsz)) {
+            (elf->ed_fsz <= eh->e_phoff) ||
+            (elf->ed_fsz - eh->e_phoff < fsz)) {
                 _elf_seterr(EFMT_PHTAB, 0);
                 return (-1);
         }
 
         if (inplace && fsz >= msz && eh->e_phoff % sizeof (ElfField) == 0) {
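Review bot: The rewritten bounds test ahead of `_elf_seterr(EFMT_PHTAB, 0)` has no comment saying why it is written as a comparison plus a subtraction, so a later cleanup could fold it back into the wrapping `fsz + eh->e_phoff` form. I would put `/* e_phoff comes from the file: compare by subtraction so a huge offset cannot wrap past ed_fsz */` directly above the `if`. The new `elf->ed_fsz <= eh->e_phoff` clause also rejects a table offset exactly equal to the file size, which the old test accepted when `fsz` was 0. That is presumably unreachable because an `e_phnum` of 0 is handled earlier, but that code is outside this hunk and worth confirming. The enclosing function starts and ends outside the hunk.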