mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

contrib/elf2dmp: Ensure phdrs fit in file

Browse Source 
Callers of elf64_getphdr() and elf_getphdrnum() assume phdrs are
accessible.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2202
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Tested-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20240307-elf2dmp-v4-19-4f324ad4d99d@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Akihiko Odaki 2024-03-07 19:21:02 +09:00 committed by Peter Maydell
parent 9de37c2883
commit 98d16e5f72
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
contrib/elf2dmp/qemu_elf.c
View File

@ -132,6 +132,7 @@ static void exit_states(QEMU_Elf *qe)
static bool check_ehdr(QEMU_Elf *qe) static bool check_ehdr(QEMU_Elf *qe)
{ {
Elf64_Ehdr *ehdr = qe->map; Elf64_Ehdr *ehdr = qe->map;
uint64_t phendoff;
if (sizeof(Elf64_Ehdr) > qe->size) { if (sizeof(Elf64_Ehdr) > qe->size) {
eprintf("Invalid input dump file size\n"); eprintf("Invalid input dump file size\n");
@ -173,6 +174,13 @@ static bool check_ehdr(QEMU_Elf *qe)
return false; return false;
} }
if (umul64_overflow(ehdr->e_phnum, sizeof(Elf64_Phdr), &phendoff) ||
uadd64_overflow(phendoff, ehdr->e_phoff, &phendoff) ||
phendoff > qe->size) {
eprintf("phdrs do not fit in file\n");
return false;
}
return true; return true;
} }