dev-util/radare2/files/radare2-2.0.1-635618-p2.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

From 44ded3ff35b8264f54b5a900cab32ec489d9e5b9 Mon Sep 17 00:00:00 2001
From: pancake <pancake@nopcode.org>
Date: Wed, 25 Oct 2017 18:09:24 +0200
Subject: [PATCH] Fix #8743 - Crash in ELF version parser on 32bit systems

---
 libr/bin/format/elf/elf.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libr/bin/format/elf/elf.c b/libr/bin/format/elf/elf.c
index e3c852fd3..2248731b3 100644
--- a/libr/bin/format/elf/elf.c
+++ b/libr/bin/format/elf/elf.c
@@ -748,7 +748,12 @@ static Sdb *store_versioninfo_gnu_verdef(ELFOBJ *bin, Elf_(Shdr) *shdr, int sz)
 		verdef->vd_hash = READ32 (dfs, j)
 		verdef->vd_aux = READ32 (dfs, j)
 		verdef->vd_next = READ32 (dfs, j)
-		vstart += verdef->vd_aux;
+		int vdaux = verdef->vd_aux;
+		if (vdaux < 1) {
+			sdb_free (sdb_verdef);
+			goto out_error;
+		}
+		vstart += vdaux;
 		if (vstart > end || vstart + sizeof (Elf_(Verdaux)) > end) {
 			sdb_free (sdb_verdef);
 			goto out_error;
-- 
2.14.3