41 lines
2.0 KiB
Diff
41 lines
2.0 KiB
Diff
|
From 2fcb340ec5faf51a8d9b0cb2ddd8386b4db6a33d Mon Sep 17 00:00:00 2001
|
||
|
From: Romain Geissler <romain.geissler@amadeus.com>
|
||
|
Date: Thu, 22 Jun 2023 16:05:18 +0000
|
||
|
Subject: [PATCH] elf-util: check for overflow when computing end of core's
|
||
|
PT_LOAD segments
|
||
|
|
||
|
(cherry picked from commit 3965f173eae4701a014113cfaf4a28a6bb63bed7)
|
||
|
|
||
|
Resolves: #2222259
|
||
|
---
|
||
|
src/shared/elf-util.c | 9 ++++++++-
|
||
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c
|
||
|
index d746f3ab3f..bde5013b92 100644
|
||
|
--- a/src/shared/elf-util.c
|
||
|
+++ b/src/shared/elf-util.c
|
||
|
@@ -532,14 +532,21 @@ static int module_callback(Dwfl_Module *mod, void **userdata, const char *name,
|
||
|
for (size_t i = 0; i < n_program_headers; ++i) {
|
||
|
GElf_Phdr mem, *program_header;
|
||
|
Elf_Data *data;
|
||
|
+ GElf_Addr end_of_segment;
|
||
|
|
||
|
/* The core file stores the ELF files in the PT_LOAD segment. */
|
||
|
program_header = sym_gelf_getphdr(elf, i, &mem);
|
||
|
if (!program_header || program_header->p_type != PT_LOAD)
|
||
|
continue;
|
||
|
|
||
|
+ /* Check that the end of segment is a valid address. */
|
||
|
+ if (__builtin_add_overflow(program_header->p_vaddr, program_header->p_memsz, &end_of_segment)) {
|
||
|
+ log_error("Abort due to corrupted core dump, end of segment address %#zx + %#zx overflows", (size_t)program_header->p_vaddr, (size_t)program_header->p_memsz);
|
||
|
+ return DWARF_CB_ABORT;
|
||
|
+ }
|
||
|
+
|
||
|
/* This PT_LOAD segment doesn't contain the start address, so it can't be the module we are looking for. */
|
||
|
- if (start < program_header->p_vaddr || start >= program_header->p_vaddr + program_header->p_memsz)
|
||
|
+ if (start < program_header->p_vaddr || start >= end_of_segment)
|
||
|
continue;
|
||
|
|
||
|
/* Now get a usable Elf reference, and parse the notes from it. */
|