diff mbox series

libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread

Message ID 20211223221931.1183675-1-mark@klomp.org
State Committed
Headers show
Series libdwfl: Make sure dwfl_elf_phdr_memory_callback returns at least minread | expand

Commit Message

Mark Wielaard Dec. 23, 2021, 10:19 p.m. UTC
The callers of dwfl_elf_phdr_memory_callback assume at least minread
bytes are read and available. Make sure to check start is smaller than
elf->maximum_size before reading more. Return false if end - start is
smaller than minread.

Found by afl-fuzz.

Signed-off-by: Mark Wielaard <mark@klomp.org>
---
 libdwfl/ChangeLog   | 5 +++++
 libdwfl/core-file.c | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

Comments

Mark Wielaard Jan. 3, 2022, 11:38 p.m. UTC | #1
On Thu, Dec 23, 2021 at 11:19:31PM +0100, Mark Wielaard wrote:
> The callers of dwfl_elf_phdr_memory_callback assume at least minread
> bytes are read and available. Make sure to check start is smaller than
> elf->maximum_size before reading more. Return false if end - start is
> smaller than minread.
> 
> Found by afl-fuzz.

Pushed to master.
diff mbox series

Patch

diff --git a/libdwfl/ChangeLog b/libdwfl/ChangeLog
index abd5c34a..49a35e41 100644
--- a/libdwfl/ChangeLog
+++ b/libdwfl/ChangeLog
@@ -1,3 +1,8 @@ 
+2021-12-23  Mark Wielaard  <mark@klomp.org>
+
+	* core-file.c (dwfl_elf_phdr_memory_callback): Check start <
+	elf->maximum_size and end - start < minread.
+
 2021-12-20  Mark Wielaard  <mark@klomp.org>
 
 	* dwfl_segment_report_module.c (dwfl_segment_report_module): Move
diff --git a/libdwfl/core-file.c b/libdwfl/core-file.c
index b04d1d18..d5be771f 100644
--- a/libdwfl/core-file.c
+++ b/libdwfl/core-file.c
@@ -1,5 +1,6 @@ 
 /* Core file handling.
    Copyright (C) 2008-2010, 2013, 2015 Red Hat, Inc.
+   Copyright (C) 2011 Mark J. Wielaard <mark@klomp.org>
    This file is part of elfutils.
 
    This file is free software; you can redistribute it and/or modify
@@ -320,7 +321,7 @@  dwfl_elf_phdr_memory_callback (Dwfl *dwfl, int ndx,
   (void) more (*buffer_available);
 
   /* If it's already on hand anyway, use as much as there is.  */
-  if (elf->map_address != NULL)
+  if (elf->map_address != NULL && start < elf->maximum_size)
     (void) more (elf->maximum_size - start);
 
   /* Make sure we don't look past the end of the actual file,
@@ -332,6 +333,9 @@  dwfl_elf_phdr_memory_callback (Dwfl *dwfl, int ndx,
   if (unlikely (start >= end))
     return false;
 
+  if (end - start < minread)
+    return false;
+
   if (elf->map_address != NULL)
     {
       void *contents = elf->map_address + elf->start_offset + start;