
Detect too-large bit-shift in elf_lookup of DT_GNUHASH

https://github.com/upx/upx/issues/782
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65776
	modified:   p_lx_elf.cpp
John Reiser 2024-01-27 13:38:25 -08:00
parent 2767ec54e1
commit dff3766501


@ -2191,6 +2191,12 @@ PackLinuxElf32::invert_pt_dynamic(Elf32_Dyn const *dynp, u32_t headway)
"bad n_bucket %#x\n", n_bucket);
throwCantPack(msg);
}
// It would be better to detect zeroes shifted into low 5 bits of:
// (037 & (hash_32 >> gnu_shift))
// but compilers can be stupid.
if (31 < gnu_shift) {
throwCantPack("bad gnu_shift %d", gnu_shift);
}
// unsigned const *const gashend = &hasharr[n_bucket];
// minimum, except:
// Rust and Android trim unused zeroes from high end of hasharr[]
@ -8103,6 +8109,12 @@ PackLinuxElf64::invert_pt_dynamic(Elf64_Dyn const *dynp, upx_uint64_t headway)
"bad n_bucket %#x\n", n_bucket);
throwCantPack(msg);
}
// It would be better to detect zeroes shifted into low 6 bits of:
// (077 & (hash_32 >> gnu_shift))
// but compilers can be stupid.
if (31 < gnu_shift) {
throwCantPack("bad gnu_shift %d", gnu_shift);
}
// unsigned const *const gashend = &hasharr[n_bucket];
// minimum, except:
// Rust and Android trim unused zeroes from high end of hasharr[]
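Review bot: The rejection on lines 24-26 reports through `throwCantPack("bad gnu_shift %d", gnu_shift)` while the adjacent n_bucket check in the same function formats into `msg` and passes the buffer; unless throwCantPack has a printf-style overload (not visible in this hunk), the `%d` is emitted literally and the offending shift value is lost from the message. If no such overload exists, match the neighbouring idiom: `snprintf(msg, sizeof(msg), "bad gnu_shift %#x\n", gnu_shift); throwCantPack(msg);` (this assumes `msg` is the char array the n_bucket branch writes into, and the conversion should match gnu_shift's declared type, which is outside the hunk). The same point applies to the Elf64 copy on lines 37-39. A short why-comment would also help the next reader, e.g. `// hash_32 is 32 bits wide: shifting it by 32 or more is undefined behaviour, so a DT_GNU_HASH shift that large is rejected before elf_lookup uses it`. invert_pt_dynamic begins and ends outside both hunks.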