find_dt_ndx defends against overrun

https://github.com/upx/upx/issues/790
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66344&q=label%3AProj-upx
	modified:   p_lx_elf.cpp
John Reiser 2024-02-26 14:32:02 -08:00 committed by Markus F.X.J. Oberhumer
parent 06b0de9c77
commit 680ce0a7af


@ -2028,7 +2028,11 @@ PackLinuxElf32::sort_DT32_offsets(Elf32_Dyn const *const dynp0)
unsigned PackLinuxElf32::find_dt_ndx(unsigned rva)
{
unsigned *const dto = (unsigned *)mb_dt_offsets.getVoidPtr();
unsigned *const dto_end = (unsigned *)(mb_dt_offsets.getSize() + dto);
for (unsigned j = 0; dto[j]; ++j) { // linear search of short table
if (dto_end <= &dto[j]) { // defensive
return ~0u;
}
if (rva == dto[j]) {
return j;
}
@ -7941,7 +7945,11 @@ PackLinuxElf64::sort_DT64_offsets(Elf64_Dyn const *const dynp0)
unsigned PackLinuxElf64::find_dt_ndx(u64_t rva)
{
unsigned *const dto = (unsigned *)mb_dt_offsets.getVoidPtr();
unsigned *const dto_end = (unsigned *)(mb_dt_offsets.getSize() + dto);
for (unsigned j = 0; dto[j]; ++j) { // linear search of short table
if (dto_end <= &dto[j]) { // defensive
return ~0u;
}
if (rva == dto[j]) {
return j;
}
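Review bot: In both find_dt_ndx variants (PackLinuxElf32 and PackLinuxElf64) the loop condition `dto[j]` is evaluated before the new `dto_end <= &dto[j]` test in the body, so the element one past the table is still read on the very iteration the guard is meant to stop. Separately, `mb_dt_offsets.getSize() + dto` is pointer arithmetic on `unsigned *`; if getSize() returns a byte count (not visible here, so worth confirming), dto_end lands sizeof(unsigned) times too far and the guard would not fire at the real end of the buffer. Moving the bound into the loop condition addresses both: `unsigned const dto_n = mb_dt_offsets.getSize() / sizeof(*dto);` followed by `for (unsigned j = 0; j < dto_n && dto[j]; ++j) {`. Both function bodies continue past the hunks, so the fall-through return is not visible here.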