diff options
| author | Ed Maste <emaste@FreeBSD.org> | 2014-12-30 22:04:24 +0000 |
|---|---|---|
| committer | Ed Maste <emaste@FreeBSD.org> | 2014-12-30 22:04:24 +0000 |
| commit | 6db8a9f3a5ed5f35a00f88a2bdcef46bd66f15ea (patch) | |
| tree | 2183fa957d1f41e84c4287839c26d4106f398a63 | |
| parent | ee8c7bb573ba5c423e893f075eafc6106fe5e895 (diff) | |
Notes
| -rw-r--r-- | contrib/elftoolchain/libelf/elf_scn.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/contrib/elftoolchain/libelf/elf_scn.c b/contrib/elftoolchain/libelf/elf_scn.c index 60e9ded7ecef..e337c2ac91b3 100644 --- a/contrib/elftoolchain/libelf/elf_scn.c +++ b/contrib/elftoolchain/libelf/elf_scn.c @@ -32,6 +32,7 @@ #include <gelf.h> #include <libelf.h> #include <stddef.h> +#include <stdint.h> #include <stdlib.h> #include "_libelf.h" @@ -50,7 +51,6 @@ _libelf_load_section_headers(Elf *e, void *ehdr) Elf64_Ehdr *eh64; int ec, swapbytes; unsigned char *src; - unsigned char *rawend; size_t fsz, i, shnum; int (*xlator)(unsigned char *_d, size_t _dsz, unsigned char *_s, size_t _c, int _swap); @@ -61,6 +61,7 @@ _libelf_load_section_headers(Elf *e, void *ehdr) #define CHECK_EHDR(E,EH) do { \ if (fsz != (EH)->e_shentsize || \ + shnum > SIZE_MAX / fsz || \ shoff + fsz * shnum > e->e_rawsize) { \ LIBELF_SET_ERROR(HEADER, 0); \ return (0); \ @@ -87,7 +88,6 @@ _libelf_load_section_headers(Elf *e, void *ehdr) swapbytes = e->e_byteorder != LIBELF_PRIVATE(byteorder); src = e->e_rawfile + shoff; - rawend = e->e_rawfile + e->e_rawsize; /* * If the file is using extended numbering then section #0 @@ -104,8 +104,6 @@ _libelf_load_section_headers(Elf *e, void *ehdr) } for (; i < shnum; i++, src += fsz) { - if (src + sizeof(scn->s_shdr) > rawend) - return (0); if ((scn = _libelf_allocate_scn(e, i)) == NULL) return (0); |