mirror/upx
1
0
Fork 0
mirror of https://github.com/upx/upx synced 2025-09-28 19:06:07 +08:00
Code Issues Releases Wiki Activity

Better checking of DT_HASH.nbuckets

Browse Source 
https://github.com/upx/upx/issues/507
	modified:   p_lx_elf.cpp
This commit is contained in:
John Reiser 2021-12-24 15:52:16 -08:00 committed by Markus F.X.J. Oberhumer
parent adafa841f7
commit 284adb203f
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/p_lx_elf.cpp
View File

@ -1688,7 +1688,8 @@ PackLinuxElf32::invert_pt_dynamic(Elf32_Dyn const *dynp, unsigned headway)
unsigned const *const chains = &buckets[nbucket]; (void)chains;
unsigned const v_sym = !x_sym ? 0 : get_te32(&dynp0[-1+ x_sym].d_val);
if ((nbucket>>31) || !v_sym || (unsigned)file_size <= v_sym
if ((unsigned)file_size <= nbucket/sizeof(*buckets) // FIXME: weak
|| !v_sym || (unsigned)file_size <= v_sym
|| ((v_hsh < v_sym) && (v_sym - v_hsh) < sizeof(*buckets)*(2+ nbucket))
) {
char msg[80]; snprintf(msg, sizeof(msg),
@ -5556,7 +5557,8 @@ PackLinuxElf64::invert_pt_dynamic(Elf64_Dyn const *dynp, upx_uint64_t headway)
unsigned const *const chains = &buckets[nbucket]; (void)chains;
unsigned const v_sym = !x_sym ? 0 : get_te32(&dynp0[-1+ x_sym].d_val);
if ((nbucket>>31) || !v_sym || (unsigned)file_size <= v_sym
if ((unsigned)file_size <= nbucket/sizeof(*buckets) // FIXME: weak
|| !v_sym || (unsigned)file_size <= v_sym
|| ((v_hsh < v_sym) && (v_sym - v_hsh) < sizeof(*buckets)*(2+ nbucket))
) {
char msg[80]; snprintf(msg, sizeof(msg),