From: Mark Wielaard Date: Thu, 23 Dec 2021 22:16:25 +0000 (+0100) Subject: libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread X-Git-Tag: elfutils-0.187~45 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1cf73965853037301a6099dea5368a1303cde2ba;p=platform%2Fupstream%2Felfutils.git libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread The callers of dwfl_elf_phdr_memory_callback assume at least minread bytes are read and available. Make sure to check start is smaller than elf->maximum_size before reading more. Return false if end - start is smaller than minread. Found by afl-fuzz. Signed-off-by: Mark Wielaard --- diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog index abd5c34..49a35e4 100644 --- a/libdwfl/ChangeLog +++ b/libdwfl/ChangeLog @@ -1,3 +1,8 @@ +2021-12-23 Mark Wielaard + + * core-file.c (dwfl_elf_phdr_memory_callback): Check start < + elf->maximum_size and end - start < minread. + 2021-12-20 Mark Wielaard * dwfl_segment_report_module.c (dwfl_segment_report_module): Move diff --git a/libdwfl/core-file.c b/libdwfl/core-file.c index b04d1d1..cefc3db 100644 --- a/libdwfl/core-file.c +++ b/libdwfl/core-file.c @@ -1,5 +1,6 @@ /* Core file handling. Copyright (C) 2008-2010, 2013, 2015 Red Hat, Inc. + Copyright (C) 2021 Mark J. Wielaard This file is part of elfutils. This file is free software; you can redistribute it and/or modify @@ -320,7 +321,7 @@ dwfl_elf_phdr_memory_callback (Dwfl *dwfl, int ndx, (void) more (*buffer_available); /* If it's already on hand anyway, use as much as there is. */ - if (elf->map_address != NULL) + if (elf->map_address != NULL && start < elf->maximum_size) (void) more (elf->maximum_size - start); /* Make sure we don't look past the end of the actual file, 
@@ -332,6 +333,9 @@ dwfl_elf_phdr_memory_callback (Dwfl *dwfl, int ndx, if (unlikely (start >= end)) return false; + if (end - start < minread) + return false; + if (elf->map_address != NULL) { void *contents = elf->map_address + elf->start_offset + start;
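Review bot: In the core-file.c hunk at -320, the new `start < elf->maximum_size` test added to the `elf->map_address != NULL` condition is not explained by the comment above it, which still only says "If it's already on hand anyway, use as much as there is." Suggest extending that comment to say that start can be at or beyond elf->maximum_size and that `elf->maximum_size - start` must not be computed in that case, so the guard is not dropped in a later cleanup. The result of `more ()` is still discarded with `(void)` on this line, so a short buffer is only rejected by the `end - start < minread` check added further down; a brief mention of that dependency in the same comment would help the next reader.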
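Review bot: In the core-file.c hunk at -332, the added `if (end - start < minread) return false;` carries no comment and is not wrapped in `unlikely ()`, unlike the `if (unlikely (start >= end))` test directly above it. Suggest writing it as `if (unlikely (end - start < minread))` with a one-line comment that callers assume at least minread bytes are available, which is the reason the commit message gives. The placement after the `start >= end` test is correct, because that ordering means `end - start` is only evaluated when start is below end; keep the two tests adjacent so that property is not lost if the code is reordered.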