When doing a string comparison for a symbol name from the string table,
we should make sure we do a bounded comparison, otherwise a non-NUL
terminated string might make the code read out-of-bounds.
Warned-by: coverity
There are a couple of malloc() calls with unbounded size arguments,
coming from the parsed file. We need to make sure the size is not
larger than the file being parsed, otherwise we might end up with
out of memory conditions.
Reported-by: Daniel Hodson <daniel@elttam.com.au>
Signed-off-by: Guillem Jover <guillem@hadrons.org>
We should check for partial reads, and not continue in those cases,
as we are not retrying them, otherwise we might end up operating on
uninitialized data.
Reported-by: Daniel Hodson <daniel@elttam.com.au>
Based-on-patch-by: Daniel Hodson <daniel@elttam.com.au>
Signed-off-by: Guillem Jover <guillem@hadrons.org>
The sh_link members should be >= e_shnum, otherwise we might do out of
bounds read accesses on the shdr array.
Reported-by: Daniel Hodson <daniel@elttam.com.au>
Based-on-patch-by: Daniel Hodson <daniel@elttam.com.au>
Signed-off-by: Guillem Jover <guillem@hadrons.org>
The e_shnum must not be 0, otherwise we will do a zero sized allocation
and further processing of the executable will lead to out of bounds
read/write accesses. The e_shentsize must be equal to sizeof(Elf_Shdr),
otherwise we will perform out of bounds read accesses on the shdr array.
Reported-by: Daniel Hodson <daniel@elttam.com.au>
Based-on-patch-by: Daniel Hodson <daniel@elttam.com.au>
Signed-off-by: Guillem Jover <guillem@hadrons.org>
The offset is not page aligned, which makes mmap() return EINVAL on
Linux. Switch to use pread() which handles unaligned offset and non-page
sized reads, and because we are already loading parts of the executable
by read() calls, so there's not much point in using mmap() anyway.
Some libc libraries do not have an <a.out.h> header. And a.out as an
executable format is very much obsolete on pretty much all currently
supported systems, even if they might still support loading such
objects.
Remove the a.out support to increase portability.
Some systems do not have these types available, and they are simply
convenience aliases. Instead use the expanded versions which are more
portable.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=101192
These are required due to the O_* macro usage, but have passed
undetected on glibc-based systems due to implicit inclusions.
Signed-off-by: Guillem Jover <guillem@hadrons.org>
