Commit 18662cad authored by Guillem Jover

nlist: Fix unbounded malloc() calls

There are a couple of malloc() calls with unbounded size arguments,
coming from the parsed file. We need to make sure the size is not
larger than the file being parsed, otherwise we might end up with
out of memory conditions.

Reported-by: Daniel Hodson <daniel@elttam.com.au>
Signed-off-by: Guillem Jover <guillem@hadrons.org>
parent ce53f7c2
......@@ -151,7 +151,7 @@ __fdnlist(int fd, struct nlist *list)
shdr_size = ehdr.e_shentsize * ehdr.e_shnum;
/* Make sure it's not too big to mmap */
if (shdr_size > SIZE_T_MAX) {
if (shdr_size > SIZE_T_MAX || shdr_size > st.st_size) {
errno = EFBIG;
return (-1);
}
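Review bot: In the new condition `shdr_size > SIZE_T_MAX || shdr_size > st.st_size`, the size is compared with the file size on its own, so a section header table that starts close to the end of the file can pass this test and still extend past end of file. If the table's file offset is available at this point (e_shoff in the ELF header), consider also checking that the offset lies within st.st_size and that shdr_size does not exceed st.st_size minus that offset. The comment above the test still reads "Make sure it's not too big to mmap", which no longer covers the second half of the condition. Since st.st_size is a signed off_t, it is also worth confirming that the comparison behaves as intended for the type of shdr_size, whose declaration is not visible in this hunk.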
......@@ -184,7 +184,7 @@ __fdnlist(int fd, struct nlist *list)
}
/* Check for files too large to mmap. */
if (symstrsize > SIZE_T_MAX) {
if (symstrsize > SIZE_T_MAX || symstrsize > st.st_size) {
errno = EFBIG;
goto done;
}
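Review bot: The comment "Check for files too large to mmap." above the changed test no longer describes it, because `symstrsize > st.st_size` rejects a string table size that the file cannot contain, not one that cannot be mapped; please update the comment to state both reasons. The same bound against st.st_size is now open-coded here and in the earlier hunk, so a small helper that validates a size (and, where known, its offset) against the file size would keep the two checks consistent. As in the first hunk, the comparison mixes st.st_size, a signed off_t, with symstrsize, whose type is not shown here, so the conversion should be checked.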
......