

contrib/elf2dmp: Ensure phdrs fit in file
Callers of elf64_getphdr() and elf_getphdrnum() assume phdrs are
accessible.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2202
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Tested-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20240307-elf2dmp-v4-19-4f324ad4d99d@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
akihikodaki authored and pm215 committed Mar 11, 2024
1 parent 9de37c2 commit 98d16e5
Showing 1 changed file with 8 additions and 0 deletions.
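--- a/contrib/elf2dmp/qemu_elf.c
+++ b/contrib/elf2dmp/qemu_elf.c
@@ -132,6 +132,7 @@ static void exit_states(QEMU_Elf *qe)
 static bool check_ehdr(QEMU_Elf *qe)
 {
 Elf64_Ehdr *ehdr = qe->map;
+uint64_t phendoff;
 
 if (sizeof(Elf64_Ehdr) > qe->size) {
 eprintf("Invalid input dump file size\n");
@@ -173,6 +174,13 @@ static bool check_ehdr(QEMU_Elf *qe)
 return false;
 }
 
+if (umul64_overflow(ehdr->e_phnum, sizeof(Elf64_Phdr), &phendoff) ||
+uadd64_overflow(phendoff, ehdr->e_phoff, &phendoff) ||
+phendoff > qe->size) {
+eprintf("phdrs do not fit in file\n");
+return false;
+}
+
 return true;
 }
 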
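Review bot: The new guard in the second hunk gives no hint why overflow-checked arithmetic is used or what it protects, and a one-line comment above the `if` would carry that intent, e.g. `/* e_phoff and e_phnum come from the untrusted dump header; bound the phdr table without overflow */`. The `umul64_overflow()` step cannot actually overflow when `e_phnum` is a 16-bit Elf64_Half multiplied by `sizeof(Elf64_Phdr)`, so it is purely defensive and worth saying so in that comment so it is not simplified away later. The check also assumes the entry size callers will use is `sizeof(Elf64_Phdr)` rather than `e_phentsize`, and a range check alone does not reject an `e_phoff` that is not a multiple of `_Alignof(Elf64_Phdr)` if `elf64_getphdr()` dereferences `map + e_phoff` directly; whether those are validated by the checks between the two hunks is outside this view. check_ehdr's middle (old lines 138–172) lies outside the hunks.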

