Public bug reported:

It seems to me that the test for an invalid section size
wants to be moved up from the map case to cover both the read and the map
case.

To guard against a bogus section size for both cases.
Rather than relying on a malloc failure to catch a 
completely bogus section size.  
Thus allowing a more accurate error indication.

From elfutils_0.165.orig.tar.bz2

elfutils-0.165/libelf/elf_getdata.c


--- elf_getdata.c.orig  2017-05-23 10:56:05.547607473 -0700
+++ elf_getdata.c       2017-05-23 11:08:27.459670572 -0700
@@ -292,21 +292,20 @@
          __libelf_seterrno (ELF_E_INVALID_DATA);
          return 1;
        }
+     /* First see whether the information in the section header is
+       valid and it does not ask for too much.  Check for unsigned
+       overflow.  */
+      if (unlikely (offset > elf->maximum_size
+          || elf->maximum_size - offset < size))
+        {
+          /* Something is wrong.  */
+          __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
+          return 1;
+        }
 
       /* We can use the mapped or loaded data if available.  */
       if (elf->map_address != NULL)
        {
-         /* First see whether the information in the section header is
-            valid and it does not ask for too much.  Check for unsigned
-            overflow.  */
-         if (unlikely (offset > elf->maximum_size
-             || elf->maximum_size - offset < size))
-           {
-             /* Something is wrong.  */
-             __libelf_seterrno (ELF_E_INVALID_SECTION_HEADER);
-             return 1;
-           }
-
          scn->rawdata_base = scn->rawdata.d.d_buf
            = (char *) elf->map_address + elf->start_offset + offset;
        }
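
Review bot: With the bounds check hoisted above `if (elf->map_address != NULL)`, it now also runs on the read path, so it is only correct if `elf->maximum_size` holds the real file size when the file is not mapped; nothing in this hunk shows that, so please confirm it in the description or in the comment above the check. On style, the moved comment now opens at five spaces (`+     /* First see`) while the `if (unlikely (...` below it sits at six, and the continuation lines no longer line up under "First"; re-indent the block to match the surrounding code. A test input with an oversized section size on the non-mapped path would show that ELF_E_INVALID_SECTION_HEADER is now returned there.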

** Affects: elfutils (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1692997

Title:
  libelf test for section size in wrong place

Status in elfutils package in Ubuntu:
  New
