diff options
Diffstat (limited to 'contrib/elftoolchain/readelf/readelf.c')
-rw-r--r-- | contrib/elftoolchain/readelf/readelf.c | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/contrib/elftoolchain/readelf/readelf.c b/contrib/elftoolchain/readelf/readelf.c index bca228c..29bc389 100644 --- a/contrib/elftoolchain/readelf/readelf.c +++ b/contrib/elftoolchain/readelf/readelf.c @@ -46,7 +46,7 @@ #include "_elftc.h" -ELFTC_VCSID("$Id: readelf.c 3178 2015-03-30 18:29:13Z emaste $"); +ELFTC_VCSID("$Id: readelf.c 3189 2015-04-20 17:02:01Z emaste $"); /* * readelf(1) options. @@ -2673,7 +2673,7 @@ dump_phdr(struct readelf *re) { const char *rawfile; GElf_Phdr phdr; - size_t phnum; + size_t phnum, size; int i, j; #define PH_HDR "Type", "Offset", "VirtAddr", "PhysAddr", "FileSiz", \ @@ -2726,10 +2726,14 @@ dump_phdr(struct readelf *re) " 0x%16.16jx 0x%16.16jx %c%c%c" " %#jx\n", PH_CT); if (phdr.p_type == PT_INTERP) { - if ((rawfile = elf_rawfile(re->elf, NULL)) == NULL) { + if ((rawfile = elf_rawfile(re->elf, &size)) == NULL) { warnx("elf_rawfile failed: %s", elf_errmsg(-1)); continue; } + if (phdr.p_offset >= size) { + warnx("invalid program header offset"); + continue; + } printf(" [Requesting program interpreter: %s]\n", rawfile + phdr.p_offset); } @@ -4378,13 +4382,22 @@ dump_mips_options(struct readelf *re, struct section *s) p = d->d_buf; pe = p + d->d_size; while (p < pe) { + if (pe - p < 8) { + warnx("Truncated MIPS option header"); + return; + } kind = re->dw_decode(&p, 1); size = re->dw_decode(&p, 1); sndx = re->dw_decode(&p, 2); info = re->dw_decode(&p, 4); + if (size < 8 || size - 8 > pe - p) { + warnx("Malformed MIPS option header"); + return; + } + size -= 8; switch (kind) { case ODK_REGINFO: - dump_mips_odk_reginfo(re, p, size - 8); + dump_mips_odk_reginfo(re, p, size); break; case ODK_EXCEPTIONS: printf(" EXCEPTIONS FPU_MIN: %#x\n", @@ -4435,7 +4448,7 @@ dump_mips_options(struct readelf *re, struct section *s) default: break; } - p += size - 8; + p += size; } } @@ -7458,11 +7471,10 @@ main(int argc, char **argv) errx(EXIT_FAILURE, "ELF library initialization failed: %s", elf_errmsg(-1)); - for (i = 0; i < argc; i++) - if (argv[i] != NULL) { - re->filename = argv[i]; - dump_object(re); - } + for (i = 0; i < argc; i++) { + re->filename = argv[i]; + dump_object(re); + } exit(EXIT_SUCCESS); } |