mirror of
https://gitlab.freedesktop.org/libbsd/libbsd.git
synced 2025-01-24 02:51:43 +01:00
nlist: Fix unbounded malloc() calls
There are a couple of malloc() calls with unbounded size arguments, coming from the parsed file. We need to make sure the size is not larger than the file being parsed, otherwise we might end up with out of memory conditions. Reported-by: Daniel Hodson <daniel@elttam.com.au> Signed-off-by: Guillem Jover <guillem@hadrons.org>
This commit is contained in:
parent
ce53f7c25f
commit
18662cadfc
@ -151,7 +151,7 @@ __fdnlist(int fd, struct nlist *list)
|
||||
shdr_size = ehdr.e_shentsize * ehdr.e_shnum;
|
||||
|
||||
/* Make sure it's not too big to mmap */
|
||||
if (shdr_size > SIZE_T_MAX) {
|
||||
if (shdr_size > SIZE_T_MAX || shdr_size > st.st_size) {
|
||||
errno = EFBIG;
|
||||
return (-1);
|
||||
}
|
||||
@ -184,7 +184,7 @@ __fdnlist(int fd, struct nlist *list)
|
||||
}
|
||||
|
||||
/* Check for files too large to mmap. */
|
||||
if (symstrsize > SIZE_T_MAX) {
|
||||
if (symstrsize > SIZE_T_MAX || symstrsize > st.st_size) {
|
||||
errno = EFBIG;
|
||||
goto done;
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user