Check file offset doesn't exceed file size

serge1 · Mar 22, 2024 · a428b72 · a428b72
1 parent e361316
commit a428b72
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 15 deletions.
diff --git a/elfio/elfio_section.hpp b/elfio/elfio_section.hpp
@@ -280,14 +280,16 @@ template <class T> class section_impl : public section
 
     bool load_data() const
     {
+        Elf_Xword sh_offset =
+            ( *translator )[( *convertor )( header.sh_offset )];
         Elf_Xword size = get_size();
         if ( nullptr == data && SHT_NULL != get_type() &&
-             SHT_NOBITS != get_type() && size < get_stream_size() ) {
+             SHT_NOBITS != get_type() &&
+             ( sh_offset + size ) <= get_stream_size() ) {
             data.reset( new ( std::nothrow ) char[size_t( size ) + 1] );
 
             if ( ( 0 != size ) && ( nullptr != data ) ) {
-                pstream->seekg(
-                    ( *translator )[( *convertor )( header.sh_offset )] );
+                pstream->seekg( sh_offset );
                 pstream->read( data.get(), size );
                 if ( static_cast<Elf_Xword>( pstream->gcount() ) != size ) {
                     data = nullptr;

diff --git a/elfio/elfio_segment.hpp b/elfio/elfio_segment.hpp
@@ -206,22 +206,23 @@ template <class T> class segment_impl : public segment
             return true;
         }
 
-        pstream->seekg( ( *translator )[( *convertor )( ph.p_offset )] );
-        Elf_Xword size = get_file_size();
+        Elf_Xword p_offset = ( *translator )[( *convertor )( ph.p_offset )];
+        Elf_Xword size     = get_file_size();
 
-        if ( size > get_stream_size() ) {
+        if ( p_offset + size > get_stream_size() ) {
             data = nullptr;
+            return false;
+        }
+
+        data.reset( new ( std::nothrow ) char[(size_t)size + 1] );
+
+        pstream->seekg( p_offset );
+        if ( nullptr != data.get() && pstream->read( data.get(), size ) ) {
+            data.get()[size] = 0;
         }
         else {
-            data.reset( new ( std::nothrow ) char[(size_t)size + 1] );
-
-            if ( nullptr != data.get() && pstream->read( data.get(), size ) ) {
-                data.get()[size] = 0;
-            }
-            else {
-                data = nullptr;
-                return false;
-            }
+            data = nullptr;
+            return false;
         }
 
         is_loaded = true;