mirror/upx
1
0
Fork 0
mirror of https://github.com/upx/upx synced 2025-09-28 19:06:07 +08:00
Code Issues Releases Wiki Activity

invert_pt_dynamic defends against missing DT_STRTAB or DT_STRSIZ

Browse Source 
https://github.com/upx/upx/issues/872
fuzzing from leon.weiss AT @ruhr-uni-bochum.de
	modified:   p_lx_elf.cpp
This commit is contained in:
John Reiser 2025-01-30 11:42:09 -08:00 committed by Markus F.X.J. Oberhumer
parent 0870514194
commit 344b73dab0
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/p_lx_elf.cpp
View File

@ -2359,7 +2359,7 @@ PackLinuxElf32::invert_pt_dynamic(Elf32_Dyn const *dynp, u32_t headway)
unsigned const z_str = dt_table[Elf32_Dyn::DT_STRSZ]; unsigned const z_str = dt_table[Elf32_Dyn::DT_STRSZ];
strtab_max = !z_str ? 0 : get_te32(&dynp0[-1+ z_str].d_val); strtab_max = !z_str ? 0 : get_te32(&dynp0[-1+ z_str].d_val);
unsigned const z_tab = dt_table[Elf32_Dyn::DT_STRTAB]; unsigned const z_tab = dt_table[Elf32_Dyn::DT_STRTAB];
unsigned const tmp1 = get_te32(&dynp0[-1+ z_tab].d_val); unsigned const tmp1 = !z_tab ? 0 : get_te32(&dynp0[-1+ z_tab].d_val);
if (tmp1 < sz_elf_hdrs) { if (tmp1 < sz_elf_hdrs) {
throwCantPack("bad DT_STRTAB %#x", tmp1); throwCantPack("bad DT_STRTAB %#x", tmp1);
} }
@ -8475,7 +8475,7 @@ PackLinuxElf64::invert_pt_dynamic(Elf64_Dyn const *dynp, upx_uint64_t headway)
unsigned const z_str = dt_table[Elf64_Dyn::DT_STRSZ]; unsigned const z_str = dt_table[Elf64_Dyn::DT_STRSZ];
strtab_max = !z_str ? 0 : get_te64(&dynp0[-1+ z_str].d_val); strtab_max = !z_str ? 0 : get_te64(&dynp0[-1+ z_str].d_val);
unsigned const z_tab = dt_table[Elf64_Dyn::DT_STRTAB]; unsigned const z_tab = dt_table[Elf64_Dyn::DT_STRTAB];
unsigned const tmp1 = get_te64(&dynp0[-1+ z_tab].d_val); unsigned const tmp1 = !z_tab ? 0 : get_te64(&dynp0[-1+ z_tab].d_val);
if (tmp1 < sz_elf_hdrs) { if (tmp1 < sz_elf_hdrs) {
throwCantPack("bad DT_STRTAB %#x", tmp1); throwCantPack("bad DT_STRTAB %#x", tmp1);
} }