contrib/elf2dmp: Ensure phdrs fit in file

Callers of elf64_getphdr() and elf_getphdrnum() assume phdrs are accessible. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2202 Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Tested-by: Viktor Prutyanov <viktor.prutyanov@phystech.edu> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20240307-elf2dmp-v4-19-4f324ad4d99d@daynix.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
author: Akihiko Odaki <akihiko.odaki@daynix.com> 2024-03-07 19:21:02 +0900
committer: Peter Maydell <peter.maydell@linaro.org> 2024-03-11 17:06:27 +0000
commit: 98d16e5f724cf4f884cab28956321a4a093474d7 (patch)
tree: ea8355fa7cca00a1345ed36fc2dd2682d340884a
parent: 9de37c288367ad22dd8abe069eeae17faf6e3ed9 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/contrib/elf2dmp/qemu_elf.c b/contrib/elf2dmp/qemu_elf.c
index 8d750adf90..c9bad6e82c 100644
--- a/contrib/elf2dmp/qemu_elf.c
+++ b/contrib/elf2dmp/qemu_elf.c
@@ -132,6 +132,7 @@ static void exit_states(QEMU_Elf *qe)
 static bool check_ehdr(QEMU_Elf *qe)
 {
     Elf64_Ehdr *ehdr = qe->map;
+    uint64_t phendoff;
 
     if (sizeof(Elf64_Ehdr) > qe->size) {
         eprintf("Invalid input dump file size\n");
@@ -173,6 +174,13 @@ static bool check_ehdr(QEMU_Elf *qe)
         return false;
     }
 
+    if (umul64_overflow(ehdr->e_phnum, sizeof(Elf64_Phdr), &phendoff) ||
+        uadd64_overflow(phendoff, ehdr->e_phoff, &phendoff) ||
+        phendoff > qe->size) {
+        eprintf("phdrs do not fit in file\n");
+        return false;
+    }
+
     return true;
 }
author	Akihiko Odaki <akihiko.odaki@daynix.com>	2024-03-07 19:21:02 +0900
committer	Peter Maydell <peter.maydell@linaro.org>	2024-03-11 17:06:27 +0000
commit	98d16e5f724cf4f884cab28956321a4a093474d7 (patch)
tree	ea8355fa7cca00a1345ed36fc2dd2682d340884a
parent	9de37c288367ad22dd8abe069eeae17faf6e3ed9 (diff)