Fix #91, Redo SymbolNames malloc to remove out-of-bounds write

nasa · Oct 28, 2022 · de20b36 · de20b36
1 parent 46b29f8
commit de20b36
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/elf2cfetbl.c b/elf2cfetbl.c
@@ -1928,14 +1928,11 @@ int32 GetSymbol(int32 SymbolIndex, union Elf_Sym *Symbol)
         printf("   st_name  = 0x%08x - ", get_st_name(Symbol));
     fseek(SrcFileDesc, SeekOffset, SEEK_SET);
 
-    while ((i < sizeof(VerboseStr)) && ((VerboseStr[i] = fgetc(SrcFileDesc)) != '\0'))
-    {
-        i++;
-    }
+    /* Ensure null terminated */
+    VerboseStr[sizeof(VerboseStr) - 1] = '\0';
 
-    VerboseStr[i] = '\0'; /* Just in case i=sizeof(VerboseStr) */
+    SymbolNames[SymbolIndex] = malloc(strlen(VerboseStr) + 1);
 
-    SymbolNames[SymbolIndex] = malloc(i + 1);
     strcpy(SymbolNames[SymbolIndex], VerboseStr);
 
     if ((strcmp(VerboseStr, TBL_DEF_SYMBOL_NAME) == 0) || (strcmp(&VerboseStr[1], TBL_DEF_SYMBOL_NAME) == 0))