Fix theoretical integer overflow issues. If the product here is

greater than 2^31-1, then the result will be huge. This is unlikely,
as we don't support that many sections, but out of an abundace of
caution cast to size_t so the multiplication won't overflow
mysteriously when size_t is larger than 32-bits. The resulting code
may be a smidge larger, but this isn't super-space critical code.

CID: 1194216, 1194217, 1194222, 1194223, 1265018, 1265019,1265020,
     1265021
Sponsored by: Netflix
This commit is contained in:
imp 2017-11-24 05:00:25 +00:00
parent bcc38930ac
commit 7f37401396

View File

@ -456,7 +456,7 @@ __elfN(loadimage)(struct preloaded_file *fp, elf_file_t ef, u_int64_t off)
* think the rule is going to have to be that you must strip a
* file to remove symbols before gzipping it.
*/
chunk = ehdr->e_shnum * ehdr->e_shentsize;
chunk = (size_t)ehdr->e_shnum * (size_t)ehdr->e_shentsize;
if (chunk == 0 || ehdr->e_shoff == 0)
goto nosyms;
shdr = alloc_pread(ef->fd, ehdr->e_shoff, chunk);
@ -747,7 +747,7 @@ __elfN(load_modmetadata)(struct preloaded_file *fp, u_int64_t dest)
goto out;
}
size = ef.ehdr->e_shnum * ef.ehdr->e_shentsize;
size = (size_t)ef.ehdr->e_shnum * (size_t)ef.ehdr->e_shentsize;
shdr = alloc_pread(ef.fd, ef.ehdr->e_shoff, size);
if (shdr == NULL) {
err = ENOMEM;