From: Mark Wielaard <mjw@redhat.com>
Date: Tue, 16 Dec 2014 18:43:21 +0000 (+0100)
Subject: libelf: Check index_size doesn't overflow in elf_getarsym.
X-Git-Tag: elfutils-0.161~13
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4bb122a87608a1e0f7c27341fe1b3cd05c1462be;p=platform%2Fupstream%2Felfutils.git

libelf: Check index_size doesn't overflow in elf_getarsym.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
---

diff --git a/libelf/ChangeLog b/libelf/ChangeLog
index 7406509..fe210ab 100644
--- a/libelf/ChangeLog
+++ b/libelf/ChangeLog
@@ -1,5 +1,9 @@
 2014-12-15  Mark Wielaard  <mjw@redhat.com>
 
+	* elf_getarsym.c (elf_getarsym): Check index_size doesn't overflow.
+
+2014-12-15  Mark Wielaard  <mjw@redhat.com>
+
 	* elf_begin.c (read_long_names): Clear any garbage left in the
 	name table.
 
diff --git a/libelf/elf_getarsym.c b/libelf/elf_getarsym.c
index ba88aa0..40633aa 100644
--- a/libelf/elf_getarsym.c
+++ b/libelf/elf_getarsym.c
@@ -182,7 +182,8 @@ elf_getarsym (elf, ptr)
       tmpbuf[10] = '\0';
       size_t index_size = atol (tmpbuf);
 
-      if (SARMAG + sizeof (struct ar_hdr) + index_size > elf->maximum_size
+      if (index_size > elf->maximum_size
+	  || elf->maximum_size - index_size < SARMAG + sizeof (struct ar_hdr)
 #if SIZE_MAX <= 4294967295U
 	  || n >= SIZE_MAX / sizeof (Elf_Arsym)
 #endif