Author: imp
Date: Fri Nov 24 05:00:25 2017
New Revision: 326143
URL: https://svnweb.freebsd.org/changeset/base/326143

Log:
  Fix theoretical integer overflow issues. If the product here is
  greater than 2^31-1, then the result will be huge. This is unlikely,
  as we don't support that many sections, but out of an abundance of
  caution cast to size_t so the multiplication won't overflow
  mysteriously when size_t is larger than 32-bits. The resulting code
  may be a smidge larger, but this isn't super-space critical code.
  
  CID: 1194216, 1194217, 1194222, 1194223, 1265018, 1265019, 1265020,
       1265021
  Sponsored by: Netflix

Modified:
  head/stand/common/load_elf.c

Modified: head/stand/common/load_elf.c
==============================================================================
--- head/stand/common/load_elf.c        Fri Nov 24 04:42:21 2017        
(r326142)
+++ head/stand/common/load_elf.c        Fri Nov 24 05:00:25 2017        
(r326143)
@@ -456,7 +456,7 @@ __elfN(loadimage)(struct preloaded_file *fp, elf_file_
      * think the rule is going to have to be that you must strip a
      * file to remove symbols before gzipping it.
      */
-    chunk = ehdr->e_shnum * ehdr->e_shentsize;
+    chunk = (size_t)ehdr->e_shnum * (size_t)ehdr->e_shentsize;
     if (chunk == 0 || ehdr->e_shoff == 0)
        goto nosyms;
     shdr = alloc_pread(ef->fd, ehdr->e_shoff, chunk);
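Review bot: the only validation of `chunk` before `alloc_pread(ef->fd, ehdr->e_shoff, chunk)` is still `chunk == 0`, so a file whose header carries a large `e_shnum` or `e_shentsize` dictates the allocation and read size with no upper bound. The log says the cast helps when size_t is larger than 32 bits, which leaves the narrower case to the same unchecked product. Consider rejecting the file (goto nosyms) when `e_shentsize` does not match the section header size this code expects, and capping `e_shnum` at the number of sections the loader supports, before doing the multiplication. A short comment stating why the casts are there would also help the next reader, since the surrounding comment is about gzipped files and not about the arithmetic.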
@@ -747,7 +747,7 @@ __elfN(load_modmetadata)(struct preloaded_file *fp, u_
                goto out;
        }
 
-       size = ef.ehdr->e_shnum * ef.ehdr->e_shentsize;
+       size = (size_t)ef.ehdr->e_shnum * (size_t)ef.ehdr->e_shentsize;
        shdr = alloc_pread(ef.fd, ef.ehdr->e_shoff, size);
        if (shdr == NULL) {
                err = ENOMEM;
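Review bot: `size` goes straight into `alloc_pread(ef.fd, ef.ehdr->e_shoff, size)` here with no check at all, unlike the loadimage hunk, which at least bails out on `chunk == 0 || ehdr->e_shoff == 0`. Suggest applying the same guard in load_modmetadata, plus the same bound on the two header fields, so that both call sites treat the file-supplied values identically. Also note that a NULL return is reported as `ENOMEM` regardless of cause; if alloc_pread can fail because the read at `e_shoff` came up short, a distinct error would make a malformed file easier to tell apart from memory exhaustion.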