author | Ed Maste <emaste@FreeBSD.org> | 2015-05-14 17:48:57 +0000 |
---|---|---|
committer | Ed Maste <emaste@FreeBSD.org> | 2015-05-14 17:48:57 +0000 |
commit | d400e40862bdee2fea9afc4b27b3391807a9050c (patch) | |
tree | 7f2977438f192e551b9f0b35dc1d0465526a2704 /readelf | |
parent | 84d41a2986852c0d7d820f95b41c1db1cc818027 (diff) |
Notes
Diffstat (limited to 'readelf')
-rw-r--r-- | readelf/readelf.1 | 4 | ||||
-rw-r--r-- | readelf/readelf.c | 32 |
2 files changed, 24 insertions, 12 deletions
diff --git a/readelf/readelf.1 b/readelf/readelf.1 index 8419d95fbce81..a71e85f24c8f5 100644 --- a/readelf/readelf.1 +++ b/readelf/readelf.1 @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $Id: readelf.1 3059 2014-06-02 00:42:32Z kaiwang27 $ +.\" $Id: readelf.1 3195 2015-05-12 17:22:19Z emaste $ .\" .Dd September 13, 2012 .Os @@ -194,4 +194,4 @@ separate lines. The .Nm utility was written by -.An "Kai Wang" Aq kaiwang27@users.sourceforge.net . +.An Kai Wang Aq Mt kaiwang27@users.sourceforge.net . diff --git a/readelf/readelf.c b/readelf/readelf.c index bca228cec1350..29bc389550404 100644 --- a/readelf/readelf.c +++ b/readelf/readelf.c @@ -46,7 +46,7 @@ #include "_elftc.h" -ELFTC_VCSID("$Id: readelf.c 3178 2015-03-30 18:29:13Z emaste $"); +ELFTC_VCSID("$Id: readelf.c 3189 2015-04-20 17:02:01Z emaste $"); /* * readelf(1) options. @@ -2673,7 +2673,7 @@ dump_phdr(struct readelf *re) { const char *rawfile; GElf_Phdr phdr; - size_t phnum; + size_t phnum, size; int i, j; #define PH_HDR "Type", "Offset", "VirtAddr", "PhysAddr", "FileSiz", \ @@ -2726,10 +2726,14 @@ dump_phdr(struct readelf *re) " 0x%16.16jx 0x%16.16jx %c%c%c" " %#jx\n", PH_CT); if (phdr.p_type == PT_INTERP) { - if ((rawfile = elf_rawfile(re->elf, NULL)) == NULL) { + if ((rawfile = elf_rawfile(re->elf, &size)) == NULL) { warnx("elf_rawfile failed: %s", elf_errmsg(-1)); continue; } + if (phdr.p_offset >= size) { + warnx("invalid program header offset"); + continue; + } printf(" [Requesting program interpreter: %s]\n", rawfile + phdr.p_offset); } 
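Review bot: The new `phdr.p_offset >= size` check in the PT_INTERP branch of dump_phdr only proves that the interpreter string starts inside the file image. `printf` with `%s` still reads until it meets a NUL, so a segment with no terminator before end of file is read past the buffer returned by elf_rawfile(). The print should be bounded by the bytes that remain, and ideally by `phdr.p_filesz` too: use `%.*s` with `(int)len` as the precision, where `len` is the smaller of `phdr.p_filesz` and `size - phdr.p_offset`, clamped to INT_MAX. dump_phdr starts and ends outside this hunk.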
@@ -4378,13 +4382,22 @@ dump_mips_options(struct readelf *re, struct section *s) p = d->d_buf; pe = p + d->d_size; while (p < pe) { + if (pe - p < 8) { + warnx("Truncated MIPS option header"); + return; + } kind = re->dw_decode(&p, 1); size = re->dw_decode(&p, 1); sndx = re->dw_decode(&p, 2); info = re->dw_decode(&p, 4); + if (size < 8 || size - 8 > pe - p) { + warnx("Malformed MIPS option header"); + return; + } + size -= 8; switch (kind) { case ODK_REGINFO: - dump_mips_odk_reginfo(re, p, size - 8); + dump_mips_odk_reginfo(re, p, size); break; case ODK_EXCEPTIONS: printf(" EXCEPTIONS FPU_MIN: %#x\n", @@ -4435,7 +4448,7 @@ dump_mips_options(struct readelf *re, struct section *s) default: break; } - p += size - 8; + p += size; } } @@ -7458,11 +7471,10 @@ main(int argc, char **argv) errx(EXIT_FAILURE, "ELF library initialization failed: %s", elf_errmsg(-1)); - for (i = 0; i < argc; i++) - if (argv[i] != NULL) { - re->filename = argv[i]; - dump_object(re); - } + for (i = 0; i < argc; i++) { + re->filename = argv[i]; + dump_object(re); + } exit(EXIT_SUCCESS); } |
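Review bot: The literal 8 now appears in both new bounds checks and in `size -= 8;` in dump_mips_options, and after that subtraction `size` changes meaning from total option length to payload length without any comment. A named constant for the option header size, plus a one-line comment such as `/* size now counts payload bytes only */` above `size -= 8;`, would make the checks easier to audit; the later hunk that changes `p += size - 8;` to `p += size;` depends on the same convention. The ODK_REGINFO case passes that payload length to dump_mips_odk_reginfo, whose body is not visible here, so it is worth confirming that the helper rejects a payload shorter than one register-info record. The function starts and ends outside these hunks.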
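Review bot: The rewritten loop in main calls `dump_object(re);` for every argument and then always reaches `exit(EXIT_SUCCESS);`, so the exit status cannot tell a caller that a file was rejected as malformed or could not be opened. If dump_object has no way to report failure (its definition is outside this hunk), consider recording one, for example a flag on `re` that is set wherever the tool warns, and exiting with `EXIT_FAILURE` when it is set. Scripts that run readelf over untrusted binaries would then be able to notice the new "invalid program header offset" and "Malformed MIPS option header" cases.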