From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id CAA2D139694 for ; Sat, 11 Feb 2017 07:06:16 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9490121C043; Sat, 11 Feb 2017 07:06:13 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6E3D021C043 for ; Sat, 11 Feb 2017 07:06:13 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 2AF29340FC1 for ; Sat, 11 Feb 2017 07:06:12 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id E9C6C43D0 for ; Sat, 11 Feb 2017 07:06:09 +0000 (UTC) From: "Mike Frysinger" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Frysinger" Message-ID: <1486796089.e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d.vapier@gentoo> Subject: [gentoo-commits] proj/pax-utils:master commit in: / X-VCS-Repository: proj/pax-utils X-VCS-Files: scanelf.c X-VCS-Directories: / X-VCS-Committer: vapier X-VCS-Committer-Name: Mike Frysinger X-VCS-Revision: e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d X-VCS-Branch: master Date: Sat, 11 Feb 2017 07:06:09 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 037e8be3-c944-4236-9f68-cb5569d33857 X-Archives-Hash: 996c0c25519309c5a0fe70966b07cf70 commit: e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d Author: Mike Frysinger gentoo org> AuthorDate: Sat Feb 11 06:54:49 2017 +0000 Commit: Mike Frysinger gentoo org> CommitDate: Sat Feb 11 06:54:49 2017 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e577c5b7 scanelf: check range of hash bucket Make sure we don't walk off the end of the ELF with a corrupt hash table. URL: https://bugs.gentoo.org/608766 Reported-by: Agostino Sarubbo gentoo.org> scanelf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scanelf.c b/scanelf.c index 79ce59c..70856f3 100644 --- a/scanelf.c +++ b/scanelf.c @@ -332,7 +332,8 @@ static void scanelf_file_get_symtabs(elfobj *elf, void **sym, void **str) if (!buckets[b]) \ continue; \ for (sym_idx = buckets[b], chained = 0; \ - sym_idx < nchains && sym_idx && chained <= nchains; \ + (sym_idx < nchains && sym_idx && chained <= nchains && \ + (void *)&chains[sym_idx] + sizeof(*chains) < elf->data_end); \ sym_idx = chains[sym_idx], ++chained) { \ if (max_sym_idx < sym_idx) \ max_sym_idx = sym_idx; \