mb_dt_offsets.clear() prevents undef from corrupted input

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66344&q=label%3AProj-upx
	modified:   p_lx_elf.cpp
John Reiser 2024-05-04 09:56:34 -07:00
parent a831a20910
commit 548227a55b


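--- a/p_lx_elf.cpp
+++ b/p_lx_elf.cpp
@@ -1989,6 +1989,7 @@ void
 PackLinuxElf32::sort_DT32_offsets(Elf32_Dyn const *const dynp0)
 {
 mb_dt_offsets.alloc(sizeof(unsigned) * sizeof(dt_keys)/sizeof(dt_keys[0]));
+mb_dt_offsets.clear();
 dt_offsets = (unsigned *)mb_dt_offsets.getVoidPtr();
 unsigned n_off = 0, k;
 for (unsigned j=0; ((k = dt_keys[j]), k); ++j) {
@@ -7909,6 +7910,7 @@ void
 PackLinuxElf64::sort_DT64_offsets(Elf64_Dyn const *const dynp0)
 {
 mb_dt_offsets.alloc(sizeof(unsigned) * sizeof(dt_keys)/sizeof(dt_keys[0]));
+mb_dt_offsets.clear();
 dt_offsets = (unsigned *)mb_dt_offsets.getVoidPtr();
 unsigned n_off = 0, k;
 for (unsigned j=0; ((k = dt_keys[j]), k); ++j) {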
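Review bot: The added `mb_dt_offsets.clear();` right after `mb_dt_offsets.alloc(...)` carries no comment stating the invariant it establishes, so a later cleanup could drop it as a redundant write; the identical line in the PackLinuxElf64::sort_DT64_offsets hunk has the same gap. I would add above it: `// Zero-fill so that slots the loop below never writes (e.g. a truncated or corrupted dynamic section) hold a defined value when dt_offsets is read later; see oss-fuzz 66344 in the commit message.` Both function bodies continue past their hunks, so I cannot confirm from here which reader depends on zero entries rather than on n_off; the comment wording should be checked against that code. The two functions are otherwise line-for-line identical apart from the Elf32/Elf64 types, which is why this fix had to be applied twice; a shared helper taking the key table and the output buffer would keep them from drifting apart on the next such fix.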