authorMark Wielaard <mark@klomp.org>2022-01-06 16:44:56 +0100
committerMark Wielaard <mark@klomp.org>2022-01-06 16:44:56 +0100
commit8b9d809568c37c4a6b9225f3c44cadabeb5fa1b0 (patch)
tree2506763c15633d6b13173797f2da7b396a450fbc /libdwfl
parentlibdwfl: Calculate addr to read by hand in link_map.c read_addrs. (diff)
libdwfl: Fix overflow check in link_map.c read_addrs
The buffer_available overflow check wasn't complete. Also check nb isn't too big. https://sourceware.org/bugzilla/show_bug.cgi?id=28720 Signed-off-by: Mark Wielaard <mark@klomp.org>
Diffstat (limited to 'libdwfl')
-rw-r--r--libdwfl/ChangeLog4
-rw-r--r--libdwfl/link_map.c3
2 files changed, 6 insertions, 1 deletions
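--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,7 @@
+2022-01-03 Mark Wielaard <mark@klomp.org>
+
+ * link_map.c (read_addrs): Fix buffer_available nb overflow.
+
 2021-12-23 Mark Wielaard <mark@klomp.org>
 
  * link_map.c (read_addrs): Calculate addr to read by hand.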
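--- a/libdwfl/link_map.c
+++ b/libdwfl/link_map.c
@@ -257,7 +257,8 @@ read_addrs (struct memory_closure *closure,
  /* Read a new buffer if the old one doesn't cover these words. */
  if (*buffer == NULL
  || vaddr < *read_vaddr
- || vaddr - (*read_vaddr) + nb > *buffer_available)
+ || nb > *buffer_available
+ || vaddr - (*read_vaddr) > *buffer_available - nb)
  {
  release_buffer (closure, buffer, buffer_available, 0);
 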
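Review bot: The rewritten condition is only safe because of the order in which its clauses are evaluated, and the comment above the `if` does not say so. `vaddr < *read_vaddr` has to be tested before `vaddr - (*read_vaddr)`, and `nb > *buffer_available` before `*buffer_available - nb`; otherwise either subtraction could wrap, assuming these are unsigned types (their declarations are outside the hunk). I would extend the existing comment with something like `/* Order matters: each clause rules out wrap-around in the subtraction of the next one. */` so a later cleanup does not reorder or merge the clauses and reintroduce the bug from the linked report. The computation of `nb` is also outside the hunk, so it is worth confirming separately that it cannot overflow before reaching this check. read_addrs starts and ends outside the hunk.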