mirror/upx
1
0
Fork 0
mirror of https://github.com/upx/upx synced 2025-09-28 19:06:07 +08:00
Code Issues Releases Wiki Activity

Detect empty DT_STRTAB

Browse Source 
https://github.com/upx/upx/issues/872
fuzzing from leon.weiss AT @ruhr-uni-bochum.de
	modified:   p_lx_elf.cpp
This commit is contained in:
John Reiser 2025-01-31 11:32:48 -08:00 committed by Markus F.X.J. Oberhumer
parent 344b73dab0
commit 7b06ba0b78
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/p_lx_elf.cpp
View File

@ -2365,7 +2365,7 @@ PackLinuxElf32::invert_pt_dynamic(Elf32_Dyn const *dynp, u32_t headway)
}
unsigned const strtab_beg = !z_tab ? 0 : elf_get_offset_from_address(tmp1);
if (!z_str || !z_tab
if (!z_str || !z_tab || !(strtab_max + strtab_beg)
|| (this->file_size - strtab_beg) < strtab_max // strtab overlaps EOF
// last string in table must have terminating NUL
|| '\0' != ((char *)file_image.getVoidPtr())[-1+ strtab_max + strtab_beg]
@ -8481,7 +8481,7 @@ PackLinuxElf64::invert_pt_dynamic(Elf64_Dyn const *dynp, upx_uint64_t headway)
}
unsigned const strtab_beg = !z_tab ? 0 : elf_get_offset_from_address(tmp1);
if (!z_str || !z_tab
if (!z_str || !z_tab || !(strtab_max + strtab_beg)
|| (this->file_size - strtab_beg) < strtab_max // strtab overlaps EOF
// last string in table must have terminating NUL
|| '\0' != ((char *)file_image.getVoidPtr())[-1+ strtab_max + strtab_beg]