> - if (sh_offset+sh_size>TT.len) goto bad;
> -
> // An ELF note is a sequence of entries, each consisting of an
> // ndhr followed by n_namesz+n_descsz bytes of data (each of those
> // rounded up to the next 4 bytes, without this being reflected in
> // the header byte counts themselves).
> while (sh_size >= 3*4) { // Don't try to read a truncated entry.
> + // Sanity check (https://github.com/landley/toybox/issues/99).
> + if (sh_offset+sh_size>TT.len) goto bad;
> +
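Review bot: the bounds test now sits at the top of the loop body, so `if (sh_offset+sh_size>TT.len) goto bad;` only runs after `sh_size >= 3*4` has passed. A section whose range lies outside the file but whose sh_size is under 12 bytes is no longer sent to `bad` and is skipped silently. If that rejection is still wanted, keep the test ahead of the `while`. The sum can also wrap when sh_offset and sh_size are large values taken from the section header, so a subtraction form such as `sh_offset>TT.len || sh_size>TT.len-sh_offset` is safer. If the loop advances sh_offset and shrinks sh_size by the same amount per entry, the test is loop-invariant and one evaluation before the loop would be enough.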
Fixed this one a slightly different way (commit 72af8466ac0e).
Rob
_______________________________________________
Toybox mailing list
http://lists.landley.net/listinfo.cgi/toybox-landley.net