libelf: Don't crash elf[32|64]_xlateto[fm] on bad arguments.
Commit Message
Check that src and dest aren't NULL and that src->d_type < ELF_T_NUM.
* elf32_xlatetof.c (elfw2(LIBELFBITS, xlatetof)): Check src, dest
and src->d_type are valid.
* elf32_xlatetom.c (elfw2(LIBELFBITS, xlatetom)): Likewise.
Signed-off-by: Mark Wielaard <mark@klomp.org>
---
libelf/elf32_xlatetof.c | 9 +++++++++
libelf/elf32_xlatetom.c | 9 +++++++++
2 files changed, 18 insertions(+)
Comments
Hi,
On Wed, 2024-08-28 at 23:58 +0200, Mark Wielaard wrote:
> Check that src and dest aren't NULL and that src->d_type < ELF_T_NUM.
>
> * elf32_xlatetof.c (elfw2(LIBELFBITS, xlatetof)): Check src, dest
> and src->d_type are valid.
> * elf32_xlatetom.c (elfw2(LIBELFBITS, xlatetom)): Likewise.
Pushed to main,
Mark
@@ -45,6 +45,15 @@ Elf_Data *
elfw2(LIBELFBITS, xlatetof) (Elf_Data *dest, const Elf_Data *src,
unsigned int encode)
{
+ if (src == NULL || dest == NULL)
+ return NULL;
+
+ if (src->d_type >= ELF_T_NUM)
+ {
+ __libelf_seterrno (ELF_E_UNKNOWN_TYPE);
+ return NULL;
+ }
+
/* First test whether the input data is really suitable for this
type. This means, whether there is an integer number of records.
Note that for this implementation the memory and file size of the
@@ -45,6 +45,15 @@ Elf_Data *
elfw2(LIBELFBITS, xlatetom) (Elf_Data *dest, const Elf_Data *src,
unsigned int encode)
{
+ if (src == NULL || dest == NULL)
+ return NULL;
+
+ if (src->d_type >= ELF_T_NUM)
+ {
+ __libelf_seterrno (ELF_E_UNKNOWN_TYPE);
+ return NULL;
+ }
+
/* First test whether the input data is really suitable for this
type. This means, whether there is an integer number of records.
Note that for this implementation the memory and file size of the