Overview

File 0004-scanelf-check-range-of-hash-bucket.patch of Package pax-utils

From e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sat, 11 Feb 2017 01:54:49 -0500
Subject: [PATCH 4/4] scanelf: check range of hash bucket

Make sure we don't walk off the end of the ELF with a corrupt hash table.

URL: https://bugs.gentoo.org/608766
Reported-by: Agostino Sarubbo <ago@gentoo.org>
---
 scanelf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scanelf.c b/scanelf.c
index 79ce59c..70856f3 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -332,7 +332,8 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str)
 				if (!buckets[b]) \
 					continue; \
 				for (sym_idx = buckets[b], chained = 0; \
-				     sym_idx < nchains && sym_idx && chained <= nchains; \
+				     (sym_idx < nchains && sym_idx && chained <= nchains && \
+				      (void *)&chains[sym_idx] + sizeof(*chains) < elf->data_end); \
 				     sym_idx = chains[sym_idx], ++chained) { \
 					if (max_sym_idx < sym_idx) \
 						max_sym_idx = sym_idx; \
-- 
2.10.2
openSUSE Build Service is sponsored by
Places