commit: d1d12246b7c5df3e20b062e536da9b4e639a4a66
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 26 03:46:42 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug 9 10:06:16 2024 +0000
URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d1d12246
dumpelf: check dyn pointer before DT_NULL check too
We were checking the pointer before dumping it, but missed the
DT_NULL check in the overall while loop.
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
(cherry picked from commit 7b37c40d0409d79a925b71135e9de96343096ce8)
Signed-off-by: Sam James <sam <AT> gentoo.org>
dumpelf.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/dumpelf.c b/dumpelf.c
index 0afb6c7..6ce8403 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -125,13 +125,17 @@ static void dumpelf(const elfobj *elf, size_t file_cnt)
if (elf->elf_class == ELFCLASS ## B) { \
const Elf ## B ## _Phdr *phdr = phdr_dynamic_void; \
const Elf ## B ## _Dyn *dyn = elf->vdata +
EGET(phdr->p_offset); \
+ if ((void *)dyn >= elf->data_end - sizeof(*dyn)) { \
+ printf(" /* invalid dynamic tags ! */ "); \
+ goto break_out_dyn; \
+ } \
i = 0; \
do { \
+ dump_dyn(elf, dyn++, i++); \
if ((void *)dyn >= elf->data_end - sizeof(*dyn)) { \
printf(" /* invalid dynamic tags ! */ "); \
break; \
} \
- dump_dyn(elf, dyn++, i++); \
} while (EGET(dyn->d_tag) != DT_NULL); \
}
DUMP_DYNS(32)
@@ -139,6 +143,7 @@ static void dumpelf(const elfobj *elf, size_t file_cnt)
} else {
printf(" /* no dynamic tags ! */ ");
}
+ break_out_dyn:
printf("};\n");
}
