
More checking of DT_GNU_HASH and DT_HASH tables

https://github.com/upx/upx/issues/381
	modified:   p_lx_elf.cpp
John Reiser 2020-05-23 10:04:38 -07:00 committed by Markus F.X.J. Oberhumer
parent b327645e64
commit 962c35aa08


@ -5362,7 +5362,8 @@ Elf32_Sym const *PackLinuxElf32::elf_lookup(char const *name) const
unsigned const *const buckets = &hashtab[2];
unsigned const *const chains = &buckets[nbucket];
unsigned const m = elf_hash(name) % nbucket;
if ((unsigned)(file_size - ((char const *)buckets - (char const *)(void const *)file_image))
if (!nbucket
|| (unsigned)(file_size - ((char const *)buckets - (char const *)(void const *)file_image))
<= sizeof(unsigned)*nbucket ) {
char msg[80]; snprintf(msg, sizeof(msg),
"bad nbucket %#x\n", nbucket);
@ -5384,7 +5385,14 @@ Elf32_Sym const *PackLinuxElf32::elf_lookup(char const *name) const
unsigned const *const bitmask = &gashtab[4];
unsigned const *const buckets = &bitmask[n_bitmask];
unsigned const *const hasharr = &buckets[n_bucket];
if ((unsigned)(file_size - ((char const *)bitmask - (char const *)(void const *)file_image))
if (!n_bucket
|| (void const *)&file_image[file_size] <= (void const *)hasharr) {
char msg[80]; snprintf(msg, sizeof(msg),
"bad n_bucket %#x\n", n_bucket);
throwCantPack(msg);
}
if (!n_bitmask
|| (unsigned)(file_size - ((char const *)bitmask - (char const *)(void const *)file_image))
<= sizeof(unsigned)*n_bitmask ) {
char msg[80]; snprintf(msg, sizeof(msg),
"bad n_bitmask %#x\n", n_bitmask);
@ -5431,7 +5439,8 @@ Elf64_Sym const *PackLinuxElf64::elf_lookup(char const *name) const
unsigned const *const buckets = &hashtab[2];
unsigned const *const chains = &buckets[nbucket];
unsigned const m = elf_hash(name) % nbucket;
if ((unsigned)(file_size - ((char const *)buckets - (char const *)(void const *)file_image))
if (!nbucket
|| (unsigned)(file_size - ((char const *)buckets - (char const *)(void const *)file_image))
<= sizeof(unsigned)*nbucket ) {
char msg[80]; snprintf(msg, sizeof(msg),
"bad nbucket %#x\n", nbucket);
@ -5453,7 +5462,14 @@ Elf64_Sym const *PackLinuxElf64::elf_lookup(char const *name) const
upx_uint64_t const *const bitmask = (upx_uint64_t const *)(void const *)&gashtab[4];
unsigned const *const buckets = (unsigned const *)&bitmask[n_bitmask];
unsigned const *const hasharr = &buckets[n_bucket];
if ((unsigned)(file_size - ((char const *)bitmask - (char const *)(void const *)file_image))
if (!n_bucket
|| (void const *)&file_image[file_size] <= (void const *)hasharr) {
char msg[80]; snprintf(msg, sizeof(msg),
"bad n_bucket %#x\n", n_bucket);
throwCantPack(msg);
}
if (!n_bitmask
|| (unsigned)(file_size - ((char const *)bitmask - (char const *)(void const *)file_image))
<= sizeof(unsigned)*n_bitmask ) {
char msg[80]; snprintf(msg, sizeof(msg),
"bad n_bitmask %#x\n", n_bitmask);
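Review bot: In both DT_HASH hunks (PackLinuxElf32::elf_lookup and PackLinuxElf64::elf_lookup) the added `!nbucket` test comes after the context line `unsigned const m = elf_hash(name) % nbucket;`, so an input with nbucket == 0 still reaches a modulo by zero before the guard can reject it. Moving the definition of `m` below the `throwCantPack` block would close that gap. In the Elf64 DT_GNU_HASH hunk the bitmask is an array of `upx_uint64_t`, yet the n_bitmask bound still multiplies by `sizeof(unsigned)`; `sizeof(*bitmask)*n_bitmask` would match the element type. As far as the hunks show, the new `hasharr` comparison uses pointers already advanced by the unchecked n_bitmask and n_bucket, so comparing the counts against the remaining file bytes as integers would avoid relying on out-of-range pointer arithmetic. The enclosing functions start and end outside these hunks.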