From ee891ca7c9685ccff07d86746ca3077d039eef79 Mon Sep 17 00:00:00 2001
From: Serge Lamikhov-Center <to_serge@hotmail.com>
Date: Sun, 19 Jun 2022 23:21:56 +0300
Subject: [PATCH] Make sure that dynamic section entry size is larger than
 ElfXX_Dyn structure

---
 .vscode/launch.json     |  2 +-
 elfio/elfio_dynamic.hpp | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/.vscode/launch.json b/.vscode/launch.json
index c25b5c5..53ad78a 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -102,7 +102,7 @@
             "request": "launch",
             "program": "${workspaceFolder}/tests/elfio_fuzzer",
             "args": [
-                "crash-98819328ee414bbba1ee50073d66c0727d60a7af"
+                "oom-9025696a52c7f5cb94d482225a6b3727e9691f5b"
             ],
             "cwd": "${workspaceFolder}/tests",
         }
diff --git a/elfio/elfio_dynamic.hpp b/elfio/elfio_dynamic.hpp
index 528a55e..7cb2f81 100644
--- a/elfio/elfio_dynamic.hpp
+++ b/elfio/elfio_dynamic.hpp
@@ -40,8 +40,17 @@ template <class S> class dynamic_section_accessor_template
     //------------------------------------------------------------------------------
     Elf_Xword get_entries_num() const
     {
+        size_t needed_entry_size = -1;
+        if ( elf_file.get_class() == ELFCLASS32 ) {
+            needed_entry_size = sizeof( Elf32_Dyn );
+        }
+        else {
+            needed_entry_size = sizeof( Elf64_Dyn );
+        }
+
         if ( ( 0 == entries_num ) &&
-             ( 0 != dynamic_section->get_entry_size() ) ) {
+             ( 0 != dynamic_section->get_entry_size() &&
+               dynamic_section->get_entry_size() >= needed_entry_size ) ) {
             entries_num =
                 dynamic_section->get_size() / dynamic_section->get_entry_size();
             Elf_Xword   i;
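Review bot: In get_entries_num(), `size_t needed_entry_size = -1;` initialises the variable with a wrapped sentinel that both branches overwrite at once, and the retained `0 != dynamic_section->get_entry_size()` test is now implied by the `>=` comparison. A single const initialiser reads more directly: `const size_t needed_entry_size = ( elf_file.get_class() == ELFCLASS32 ) ? sizeof( Elf32_Dyn ) : sizeof( Elf64_Dyn );`, with the condition reduced to `( 0 == entries_num ) && ( dynamic_section->get_entry_size() >= needed_entry_size )`. A short why-comment would help the next reader, for example `// entry size is read from the file; a value smaller than the Dyn record would inflate entries_num`. The function body continues past the end of the hunk.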
@@ -134,7 +143,8 @@ template <class S> class dynamic_section_accessor_template
         // Check unusual case when dynamic section has no data
         if ( dynamic_section->get_data() == nullptr ||
              ( index + 1 ) * dynamic_section->get_entry_size() >
-                 dynamic_section->get_size() ) {
+                 dynamic_section->get_size() ||
+             dynamic_section->get_entry_size() < sizeof( T ) ) {
             tag   = DT_NULL;
             value = 0;
             return;
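Review bot: The bounds test `( index + 1 ) * dynamic_section->get_entry_size() > dynamic_section->get_size()` multiplies an index by an entry size taken from the file, so for large enough values the product may wrap and pass the check; the added `sizeof( T )` clause does not cover that. Testing the entry size first and then comparing by division avoids the multiplication: `dynamic_section->get_entry_size() < sizeof( T ) ||` followed by `index >= dynamic_section->get_size() / dynamic_section->get_entry_size()`. The types of `index` and of the accessors are declared outside the hunk, so the wrap is inferred rather than shown here. The comment above the condition still mentions only the no-data case and could name all three rejections.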
-- 
GitLab