[Toybox] [PATCH] file: cope with invalid ELF notes.
Rob Landley
rob at landley.net
Sat Aug 4 10:12:16 PDT 2018
> - if (sh_offset+sh_size>TT.len) goto bad;
> -
> // An ELF note is a sequence of entries, each consisting of an
> // ndhr followed by n_namesz+n_descsz bytes of data (each of those
> // rounded up to the next 4 bytes, without this being reflected in
> // the header byte counts themselves).
> while (sh_size >= 3*4) { // Don't try to read a truncated entry.
> + // Sanity check (https://github.com/landley/toybox/issues/99).
> + if (sh_offset+sh_size>TT.len) goto bad;
> +
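Review bot: The relocated check `if (sh_offset+sh_size>TT.len) goto bad;` at the top of the loop body adds two values before comparing them to TT.len, so if both come from the file's section header and their type is narrow enough (the declarations are not visible in this hunk), a large sh_offset or sh_size can wrap the sum and pass the test. Comparing without the addition avoids that, for example `if (sh_offset>TT.len || sh_size>TT.len-sh_offset) goto bad;`. Separately, now that the check sits inside `while (sh_size >= 3*4)`, it only catches something new on later iterations if the body changes sh_offset and sh_size by different amounts. The per-entry n_namesz and n_descsz, rounded up to 4 bytes as the comment describes, should also be checked against the remaining sh_size before use, if the loop body does not already do that.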
Fixed this one a slightly different way (commit 72af8466ac0e).
Rob