Please sign in to comment.
core: elf_load_body(): use MUL_OVERFLOW() to get size of section headers
At the end of elf_load_body(), section headers are copied in a system heap memory block, associated to state->shdr. As the computed size is the result of an uncontrolled multiplication (ehdr.e_shnum * ehdr.e_shentsize), it could have overflowed and result in allocating a small memory block. Use an overflow checking macro to prevent this case. Signed-off-by: Jerome Forissier <firstname.lastname@example.org> Reported-by: Bastien Simondi <email@example.com> [1.7] Reviewed-by: Jens Wiklander <firstname.lastname@example.org> Reviewed-by: Joakim Bech <email@example.com>
- Loading branch information...