mischief/openbsd-src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2025-01-03 06:45:37 -08:00
Code

This patch ensure that e_shentsize (sections header's size in bytes) is

Browse Source 
big enough to fill at least one Elf_Shdr.

While here, inverts calloc() arguments to be calloc(nmemb, size),
according to fread() call after.

This problem was found with afl, with e_shentsize=1.

ok miod@
This commit is contained in:
semarie 2015-06-23 15:13:29 +00:00
parent 061050452b
commit 8e73cb8c24
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
usr.bin/nm/elf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: elf.c,v 1.30 2015/06/23 15:02:58 semarie Exp $ */
/* $OpenBSD: elf.c,v 1.31 2015/06/23 15:13:29 semarie Exp $ */
/*
* Copyright (c) 2003 Michael Shalayeff
@ -159,7 +159,12 @@ elf_load_shdrs(const char *name, FILE *fp, off_t foff, Elf_Ehdr *head)
return (NULL);
}
if ((shdr = calloc(head->e_shentsize, head->e_shnum)) == NULL) {
if (head->e_shentsize < sizeof(Elf_Shdr)) {
warnx("%s: inconsistent section header size", name);
return (NULL);
}
if ((shdr = calloc(head->e_shnum, head->e_shentsize)) == NULL) {
warn("%s: malloc shdr", name);
return (NULL);
}