Fix #1 about out-of-bounds
clkskw committed Jan 23, 2022
1 parent bc68101 commit c5b0f5a
Showing 1 changed file with 19 additions and 0 deletions.
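--- a/parse.c
+++ b/parse.c
@@ -73,6 +73,17 @@ int flag2str_sh(int flag, char *flag_str) {
 return 0;
 }
 
+/**
+* @description: Judge whether the memory address is legal
+* @param {uint32_t} addr
+* @param {uint32_t} start
+* @param {uint32_t} end
+* @return {*}
+*/
+int validated_offset(uint32_t addr, uint32_t start, uint32_t end){
+return addr <= end && addr >= start? 0:-1;
+}
+
 int parse(char *elf) {
 int fd;
 struct stat st;
@@ -256,6 +267,10 @@ int parse(char *elf) {
 PRINT_SECTION_TITLE("Nr", "Name", "Type", "Addr", "Off", "Size", "Es", "Flg", "Lk", "Inf", "Al");
 for (int i = 0; i < ehdr->e_shnum; i++) {
 name = elf_map + shstrtab.sh_offset + shdr[i].sh_name;
+if (validated_offset(name, elf_map, elf_map + st.st_size)) {
+ERROR("Corrupt file format\n");
+return -1;
+}
 
 switch (shdr[i].sh_type) {
 case SHT_NULL:
@@ -902,6 +917,10 @@ int parse(char *elf) {
 PRINT_SECTION_TITLE("Nr", "Name", "Type", "Addr", "Off", "Size", "Es", "Flg", "Lk", "Inf", "Al");
 for (int i = 0; i < ehdr->e_shnum; i++) {
 name = elf_map + shstrtab.sh_offset + shdr[i].sh_name;
+if (validated_offset(name, elf_map, elf_map + st.st_size)) {
+ERROR("Corrupt file format\n");
+return -1;
+}
 
 switch (shdr[i].sh_type) {
 case SHT_NULL: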
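Review bot: `validated_offset()` declares its arguments as `uint32_t`, but both call sites in `parse()` pass what appear to be pointers (`name`, `elf_map`, `elf_map + st.st_size`), so on a 64-bit build each value is cut to its low 32 bits and the comparison can pass for an address outside the mapping or fail for one inside it. The test also accepts `addr == end`, which is one byte past the mapped file, and it runs only after `elf_map + shstrtab.sh_offset + shdr[i].sh_name` has already been computed from file-controlled fields. Checking the offsets before forming the pointer avoids all three, in both loops: `uint64_t size = (uint64_t)st.st_size;` followed by `if (shstrtab.sh_offset >= size || shdr[i].sh_name >= size - shstrtab.sh_offset) { ERROR("Corrupt file format\n"); return -1; }`. If `name` is later read as a C string, its terminating NUL also has to be found before the end of the mapping, which a start-offset check alone does not guarantee. `parse()` begins and ends outside these hunks, so whether the new early `return -1` releases the mapping and `fd` cannot be confirmed from here.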
