mirror of https://github.com/upx/upx.git synced 2025-08-11 22:52:30 +08:00

Unpack: better checking of bounds for DT_HASH

https://issues.oss-fuzz.com/u/1/issues/398075916
	modified:   p_lx_elf.cpp
John Reiser
2025-02-22 07:52:05 -08:00
parent e52a3ceb48
commit 64891286ba


@ -2394,6 +2394,12 @@ PackLinuxElf32::invert_pt_dynamic(Elf32_Dyn const *dynp, u32_t headway)
// Find end of DT_HASH
hashend = (unsigned const *)(void const *)(elf_find_table_size(
Elf32_Dyn::DT_HASH, Elf32_Shdr::SHT_HASH) + (char const *)hashtab);
if (!hashtab || (char const *)hashend <= (char const *)&hashtab[2]
|| file_image.getSizeInBytes()
< (unsigned)((char const *)&hashtab[2] - (char *)&file_image[0]) )
{
throwCantPack("bad DT_HASH %#x", v_hsh);
}
unsigned const nbucket = get_te32(&hashtab[0]);
unsigned const *const buckets = &hashtab[2];
@ -8461,6 +8467,12 @@ PackLinuxElf64::invert_pt_dynamic(Elf64_Dyn const *dynp, upx_uint64_t headway)
// Find end of DT_HASH
hashend = (unsigned const *)(void const *)(elf_find_table_size(
Elf64_Dyn::DT_HASH, Elf64_Shdr::SHT_HASH) + (char const *)hashtab);
if (!hashtab || (char const *)hashend <= (char const *)&hashtab[2]
|| file_image.getSizeInBytes()
< (unsigned)((char const *)&hashtab[2] - (char *)&file_image[0]) )
{
throwCantPack("bad DT_HASH %#x", v_hsh);
}
unsigned const nbucket = get_te32(&hashtab[0]);
unsigned const *const buckets = &hashtab[2];
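Review bot: The added file-size test narrows the pointer difference with `(unsigned)`, so on a 64-bit host an out-of-image `hashtab` could wrap to a small offset and pass; whether `hashtab` can ever point outside `file_image` is not visible here. Comparing in a wide type removes the doubt, for example `|| (size_t)file_image.getSizeInBytes() < (size_t)((char const *)&hashtab[2] - (char const *)&file_image[0])`. The test also covers only the two-word header: `hashend` is compared with `&hashtab[2]` but never with the end of `file_image`, so if the code after this hunk treats `hashend` as the limit for bucket and chain reads, a claimed table size larger than the file still needs its own check there. `hashend` is derived from `hashtab` before `!hashtab` is tested, which puts pointer arithmetic on a possibly null pointer ahead of the guard. The same lines appear in both the PackLinuxElf32 and PackLinuxElf64 hunks, and both function bodies continue outside the view.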