Arithmetic of signed values that overflow causes undefined behaviour
Change to explicit unsigned arithmetic overflow check.
Signed-off-by: Mark Wielaard <m...@redhat.com>
---
libelf/ChangeLog | 5 +++++
libelf/elf_getdata_rawchunk.c | 7 ++++---
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 8a11563..68fb0fc 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,5 +1,10 @@
2014-11-23 Mark Wielaard <m...@redhat.com>
+ * elf_getdata_rawchunk.c (elf_getdata_rawchunk): Change signed
+ overflow check to unsigned.
+
+2014-11-23 Mark Wielaard <m...@redhat.com>
+
* note_xlate.h (elf_cvt_note): Copy over any leftover data if
src != dest. The data is probably part of truncated name/desc.
diff --git a/libelf/elf_getdata_rawchunk.c b/libelf/elf_getdata_rawchunk.c
index f4fbe66..63a9914 100644
--- a/libelf/elf_getdata_rawchunk.c
+++ b/libelf/elf_getdata_rawchunk.c
@@ -1,5 +1,5 @@
/* Return converted data from raw chunk of ELF file.
- Copyright (C) 2007 Red Hat, Inc.
+ Copyright (C) 2007, 2014 Red Hat, Inc.
This file is part of elfutils.
This file is free software; you can redistribute it and/or modify
@@ -57,8 +57,9 @@ elf_getdata_rawchunk (elf, offset, size, type)
return NULL;
}
- if (unlikely (offset < 0 || offset + (off64_t) size < offset
- || offset + size > elf->maximum_size))
+ if (unlikely (offset < 0 || (uint64_t) offset > elf->maximum_size
+ || elf->maximum_size - (uint64_t) offset < size))
+
{
/* Invalid request. */
__libelf_seterrno (ELF_E_INVALID_OP);
--
1.9.3
