Commit 24d1f4dd authored by Guillem Jover's avatar Guillem Jover

nlist: Check whether sh_link is within bounds

The sh_link members should be >= e_shnum, otherwise we might do out of
bounds read accesses on the shdr array.
Reported-by: default avatarDaniel Hodson <>
Based-on-patch-by: default avatarDaniel Hodson <>
Signed-off-by: Guillem Jover's avatarGuillem Jover <>
parent e9529d9b
......@@ -172,6 +172,9 @@ __fdnlist(int fd, struct nlist *list)
for (i = 0; i < ehdr.e_shnum; i++) {
if (shdr[i].sh_type == SHT_SYMTAB) {
if (shdr[i].sh_link >= ehdr.e_shnum)
goto done;
symoff = shdr[i].sh_offset;
symsize = shdr[i].sh_size;
symstroff = shdr[shdr[i].sh_link].sh_offset;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment