Diffstat (limited to 'src/readelf.c')
-rw-r--r-- | src/readelf.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/readelf.c b/src/readelf.c
index f838a885..6a6fd310 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -27,7 +27,7 @@
 #include "file.h"
 #ifndef lint
-FILE_RCSID("@(#)$File: readelf.c,v 1.181 2022/07/07 17:19:52 christos Exp $")
+FILE_RCSID("@(#)$File: readelf.c,v 1.182 2022/07/31 16:01:01 christos Exp $")
 #endif
 #ifdef BUILTIN_ELF
@@ -62,6 +62,7 @@ private uint64_t getu64(int, uint64_t);
 #define MAX_PHNUM 128
 #define MAX_SHNUM 32768
+#define MAX_SHSIZE (64 * 1024 * 1024)
 #define SIZE_UNKNOWN CAST(off_t, -1)
 private int
@@ -1449,6 +1450,12 @@ doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
 return -1;
 return 0;
 }
+ if (xsh_size > MAX_SHSIZE) {
+ file_error(ms, errno, "Note section size too "
+ "big (%ju > %u)", (uintmax_t)xsh_size,
+ MAX_SHSIZE);
+ return -1;
+ }
 if ((nbuf = malloc(xsh_size)) == NULL) {
 file_error(ms, errno, "Cannot allocate memory"
 " for note"); |
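Review bot: The new `MAX_SHSIZE` define carries no comment saying what it bounds or why 64 MiB was picked, and its name reads as a limit on every section. In the visible hunks it is only applied to the note section that doshn() is about to pass to malloc(). I would add a comment above it such as `/* largest note section (sh_size) doshn() will allocate and read; the size comes from the file and is untrusted */`, so a later reader does not relax or reuse it without knowing it guards an allocation sized by file contents.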
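Review bot: The added size check in doshn() passes `errno` to `file_error()` although nothing has failed at that point. Assuming file_error() appends the system error text for a non-zero code, the message can pick up an unrelated stale error. `file_error(ms, 0, "Note section size too big (%ju > %u)", ...)` keeps the report to the actual cause. Separately, `MAX_SHSIZE` expands to an `int` expression but is printed with `%u`; either define it as `(64U * 1024 * 1024)` or print it with `%d` so the format matches the argument type. doshn() starts and ends outside this hunk, so the type of `xsh_size` and the earlier error paths are not visible here.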