aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2015-12-12 16:33:07 -0500
committerMike Frysinger <vapier@gentoo.org>2015-12-12 16:33:07 -0500
commit81658ac5842906a286373096691a5f8e3ad6aa2d (patch)
tree0a666ce7cd8e06b3e9111d242575432fd3511fed
parentdumpelf: handle corrupt section headers (diff)
downloadpax-utils-81658ac5842906a286373096691a5f8e3ad6aa2d.tar.gz
pax-utils-81658ac5842906a286373096691a5f8e3ad6aa2d.tar.bz2
pax-utils-81658ac5842906a286373096691a5f8e3ad6aa2d.zip
dumpelf: handle corrupt dynamic tags
URL: https://bugs.gentoo.org/567956 Reported-by: Brian Carpenter <brian.carpenter@gmail.com>
-rw-r--r--dumpelf.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/dumpelf.c b/dumpelf.c
index fe0001b..4675904 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -138,6 +138,10 @@ static void dumpelf(const char *filename, long file_cnt)
Elf ## B ## _Dyn *dyn = elf->vdata + EGET(phdr->p_offset); \
i = 0; \
do { \
+ if ((void *)dyn >= elf->data_end - sizeof(*dyn)) { \
+ printf(" /* invalid dynamic tags ! */ "); \
+ break; \
+ } \
dump_dyn(elf, dyn++, i++); \
} while (EGET(dyn->d_tag) != DT_NULL); \
}