Signed-off-by: Mark Wielaard <m...@redhat.com>
---
 src/ChangeLog | 5 +++++
 src/readelf.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/ChangeLog b/src/ChangeLog
index aa16b67..19509dc 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-23 Mark Wielaard <m...@redhat.com>
+
+ * readelf.c (print_debug_aranges_section): Check length to catch
+ nexthdr overflow.
+
 2014-11-21 Mark Wielaard <m...@redhat.com>
 
 * readelf.c (print_attributes): Guard against empty section.
diff --git a/src/readelf.c b/src/readelf.c
index 9bae66d..ffc14fd 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -4693,7 +4693,7 @@ print_debug_aranges_section (Dwfl_Module *dwflmod __attribute__ ((unused)),
 printf (gettext ("\n Length: %6" PRIu64 "\n"),
 (uint64_t) length);
 
- if (nexthdr > readendp)
+ if (length > readendp - readp)
 goto invalid_data;
 
 if (length == 0)
-- 
1.9.3
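Review bot: If `nexthdr` is still assigned as `readp + length` above this check (the ChangeLog entry suggests it is, but the assignment lies outside the hunk), the out-of-range pointer is formed before `length` is validated, which is undefined behaviour in C even when the pointer is never dereferenced. Moving that assignment below `if (length > readendp - readp) goto invalid_data;` would leave no use of the file-supplied length ahead of its validation. The comparison also relies on `readp <= readendp` at this point: assuming `length` is an unsigned type, a negative pointer difference would convert to a very large value and let any `length` through. A short comment such as `/* Compare against the bytes left; readp + length can wrap.  */` would record why the test is not written in terms of `nexthdr` and keep it from being simplified back. The body of print_debug_aranges_section starts and ends outside the hunk.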