commit: 81658ac5842906a286373096691a5f8e3ad6aa2d Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> AuthorDate: Sat Dec 12 21:33:07 2015 +0000 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> CommitDate: Sat Dec 12 21:33:07 2015 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=81658ac5
dumpelf: handle corrupt dynamic tags URL: https://bugs.gentoo.org/567956 Reported-by: Brian Carpenter <brian.carpenter <AT> gmail.com> dumpelf.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dumpelf.c b/dumpelf.c index fe0001b..4675904 100644 --- a/dumpelf.c +++ b/dumpelf.c @@ -138,6 +138,10 @@ static void dumpelf(const char *filename, long file_cnt) Elf ## B ## _Dyn *dyn = elf->vdata + EGET(phdr->p_offset); \ i = 0; \ do { \ + if ((void *)dyn >= elf->data_end - sizeof(*dyn)) { \ + printf(" /* invalid dynamic tags ! */ "); \ + break; \ + } \ dump_dyn(elf, dyn++, i++); \ } while (EGET(dyn->d_tag) != DT_NULL); \ }
