author | Mike Frysinger <vapier@gentoo.org> | 2024-01-25 22:57:24 -0500 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2024-08-09 11:06:16 +0100 |
commit | 599d8c41b144596764b33d87d09f80948652ed92 (patch) | |
tree | cebf4d852336fc1c855cbedb02e22fc192fe41bc | |
parent | dumpelf: check dyn pointer before DT_NULL check too (diff) | |
dumpelf: improve note memory check
Make sure the entire structure fits within the bounds of memory,
not just the start of it.
Bug: https://bugs.gentoo.org/922906
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
(cherry picked from commit a5298c41c27a35a5c2dcca0723c808029d241953)
Signed-off-by: Sam James <sam@gentoo.org>
-rw-r--r-- | dumpelf.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -232,7 +232,7 @@ static void dump_notes(const elfobj *elf, size_t B, const void *memory, const vo } printf("\n\t/%c note section dump:\n", '*'); - for (i = 0; ndata < memory_end && !corrupt; ++i) { + for (i = 0; ndata < memory_end - sizeof(*note) && !corrupt; ++i) { note = ndata; namesz = EGET(note->n_namesz); descsz = EGET(note->n_descsz); |
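Review bot: In the new loop condition, `memory_end - sizeof(*note)` is computed before the comparison, so when fewer than `sizeof(*note)` bytes of the buffer lie before `memory_end` the subtraction yields a pointer below the start of the buffer and the comparison with `ndata` is no longer reliable. Comparing the remaining length instead avoids this, for example by requiring that `memory_end - ndata` is at least `sizeof(*note)`; that form also accepts a header that ends exactly at `memory_end`, which the strict `<` here rejects. The check covers only the fixed-size header: `namesz` and `descsz` are read from the file immediately afterwards, so the name and descriptor lengths need their own bound against `memory_end` before the payload is touched, and the visible lines do not show one.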