[PATCH v3 19/19] contrib/elf2dmp: Ensure phdrs fit in file
From: Akihiko Odaki
Subject: [PATCH v3 19/19] contrib/elf2dmp: Ensure phdrs fit in file
Date: Wed, 06 Mar 2024 15:12:25 +0900
Callers of elf64_getphdr() and elf_getphdrnum() assume phdrs are
accessible.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2202
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
---
contrib/elf2dmp/qemu_elf.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/contrib/elf2dmp/qemu_elf.c b/contrib/elf2dmp/qemu_elf.c
index 8d750adf904a..c9bad6e82cf3 100644
--- a/contrib/elf2dmp/qemu_elf.c
+++ b/contrib/elf2dmp/qemu_elf.c
@@ -132,6 +132,7 @@ static void exit_states(QEMU_Elf *qe)
static bool check_ehdr(QEMU_Elf *qe)
{
Elf64_Ehdr *ehdr = qe->map;
+ uint64_t phendoff;
if (sizeof(Elf64_Ehdr) > qe->size) {
eprintf("Invalid input dump file size\n");
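Review bot: `phendoff` is declared without an initialiser at the top of check_ehdr(), which is acceptable here because the first use further down is as the output argument of umul64_overflow(), and that helper always stores the (possibly wrapped) product before anything reads the variable; if the function grows another early-return path that touches it, initialise it to 0 at the declaration.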
@@ -173,6 +174,13 @@ static bool check_ehdr(QEMU_Elf *qe)
return false;
}
+ if (umul64_overflow(ehdr->e_phnum, sizeof(Elf64_Phdr), &phendoff) ||
+ uadd64_overflow(phendoff, ehdr->e_phoff, &phendoff) ||
+ phendoff > qe->size) {
+ eprintf("phdrs do not fit in file\n");
+ return false;
+ }
+
return true;
}
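Review bot: the message at `eprintf("phdrs do not fit in file\n")` carries no numbers; printing e_phoff, e_phnum and qe->size alongside it would make a rejected dump much easier to diagnose. The bounds arithmetic itself is sound: using both umul64_overflow() and uadd64_overflow() means an oversized e_phnum or e_phoff from a malformed dump cannot wrap the end offset back into range, and `phendoff > qe->size` treats the end as exclusive, so a program header table that ends exactly at EOF is still accepted.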
--
2.44.0