path: root/dev-util/radare2/files/radare2-2.0.1-635618-p2.patch
From 44ded3ff35b8264f54b5a900cab32ec489d9e5b9 Mon Sep 17 00:00:00 2001
From: pancake <pancake@nopcode.org>
Date: Wed, 25 Oct 2017 18:09:24 +0200
Subject: [PATCH] Fix #8743 - Crash in ELF version parser on 32bit systems

---
 libr/bin/format/elf/elf.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libr/bin/format/elf/elf.c b/libr/bin/format/elf/elf.c
index e3c852fd3..2248731b3 100644
--- a/libr/bin/format/elf/elf.c
+++ b/libr/bin/format/elf/elf.c
@@ -748,7 +748,12 @@ static Sdb *store_versioninfo_gnu_verdef(ELFOBJ *bin, Elf_(Shdr) *shdr, int sz)
 		verdef->vd_hash = READ32 (dfs, j)
 		verdef->vd_aux = READ32 (dfs, j)
 		verdef->vd_next = READ32 (dfs, j)
-		vstart += verdef->vd_aux;
+		int vdaux = verdef->vd_aux;
+		if (vdaux < 1) {
+			sdb_free (sdb_verdef);
+			goto out_error;
+		}
+		vstart += vdaux;
 		if (vstart > end || vstart + sizeof (Elf_(Verdaux)) > end) {
 			sdb_free (sdb_verdef);
 			goto out_error;
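Review bot: The `vdaux < 1` guard rejects zero and values that become negative as `int`, but a large positive `vd_aux` can still move `vstart` past `end` before the range check that follows; if `vstart` and `end` are pointers (their declarations are outside the hunk), that addition is out of bounds and on a 32-bit address space may wrap so that `vstart > end` is false. Comparing the offset with the bytes remaining avoids forming the out-of-range pointer: `if (vdaux < 1 || (size_t)vdaux > (size_t)(end - vstart)) {`, assuming `vstart <= end` holds at this point. The same reasoning applies to `vstart + sizeof (Elf_(Verdaux)) > end` in the next check, which could be written as `(size_t)(end - vstart) < sizeof (Elf_(Verdaux))`. A short comment such as `/* vd_aux comes from the file: reject offsets that do not advance or that exceed the section */` would record why the guard exists. The loop body of store_versioninfo_gnu_verdef starts and ends outside the hunk.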
-- 
2.14.3