Re: [PATCH v4 bpf-next 01/10] lib/buildid: harden build ID parsing logic

> +		name_sz = READ_ONCE(nhdr->n_namesz);
> +		desc_sz = READ_ONCE(nhdr->n_descsz);
> +		new_offs = note_offs + sizeof(Elf32_Nhdr) + ALIGN(name_sz, 4) + ALIGN(desc_sz, 4);

Don't you need to check the name_sz and desc_sz overflows separately?

Otherwise name_sz could be ~0 and desc_sz small (or reversed) and the check
below wouldn't trigger, but still bad things could happen.


> +		if (new_offs <= note_offs /* overflow */ || new_offs > note_size)
> +			break;
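Review bot: the combined `new_offs <= note_offs` test cannot catch a wrap that happens inside ALIGN() before the sum is formed. If name_sz is held in a 32-bit variable (an assumption; the declarations are not in this hunk), ALIGN(0xffffffff, 4) evaluates to 0, so new_offs comes out small and in range and the loop advances by a handful of bytes while the header claims a name of nearly 4 GiB, which is the case raised above. Bound each field against the bytes left in the segment before any arithmetic, e.g. `if (name_sz > note_size - note_offs || desc_sz > note_size - note_offs) break;`, and keep the combined check afterwards to cover the padded sum.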

-Andi
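
The concern in the reply above, shown as an added example that is not part of the patch or of the kernel's lib/buildid.c: `combined_check_accepts()` mirrors the quoted check under the assumption that the sizes are 32-bit, so a near-maximal n_namesz wraps inside ALIGN() and slips through; `find_build_id()` is a hardened walk that bounds each field separately before any arithmetic and does the offset math in 64 bits. The `struct nhdr` layout, the note buffers and the 8-byte build ID are constructed for the example (little-endian byte order assumed).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed mirror of the ELF note header (three 32-bit words), used so
 * the example builds without <elf.h>. */
struct nhdr {
    uint32_t n_namesz;
    uint32_t n_descsz;
    uint32_t n_type;
};

#define NT_GNU_BUILD_ID 3

/* Kernel-style ALIGN evaluated in 32 bits: a size near UINT32_MAX wraps to
 * a small value before any later overflow check can see it. */
#define ALIGN_U32(x, a) ((uint32_t)(((uint32_t)(x) + ((a) - 1)) & ~((uint32_t)(a) - 1)))

/* Mirrors the patch's combined check, assuming 32-bit size variables.
 * Returns 1 if the note would be accepted. With name_sz = 0xFFFFFFFF the
 * aligned value wraps to 0, new_offs stays small, and the note passes. */
int combined_check_accepts(uint32_t note_offs, uint32_t name_sz,
                           uint32_t desc_sz, uint32_t note_size)
{
    uint32_t new_offs = note_offs + (uint32_t)sizeof(struct nhdr)
                      + ALIGN_U32(name_sz, 4) + ALIGN_U32(desc_sz, 4);
    if (new_offs <= note_offs /* overflow */ || new_offs > note_size)
        return 0;
    return 1;
}

/* Hardened walk: each size field is bounded against the bytes remaining in
 * the segment before it takes part in any arithmetic, and offsets are kept
 * in 64 bits so the sum cannot wrap. Returns the build-ID length, 0 if no
 * NT_GNU_BUILD_ID note is present, or -1 if the stream is malformed. */
int find_build_id(const uint8_t *notes, uint32_t note_size,
                  uint8_t *out, size_t out_max)
{
    uint64_t off = 0;

    while (off + sizeof(struct nhdr) <= note_size) {
        struct nhdr h;
        memcpy(&h, notes + off, sizeof h);

        uint64_t remain = note_size - off - sizeof(struct nhdr);
        if (h.n_namesz > remain || h.n_descsz > remain)
            return -1;                      /* each field checked on its own */

        uint64_t name_al = ((uint64_t)h.n_namesz + 3) & ~(uint64_t)3;
        uint64_t desc_al = ((uint64_t)h.n_descsz + 3) & ~(uint64_t)3;
        uint64_t next = off + sizeof(struct nhdr) + name_al + desc_al;
        if (next > note_size)
            return -1;                      /* padded payload leaves the segment */

        if (h.n_type == NT_GNU_BUILD_ID && h.n_namesz == 4 &&
            memcmp(notes + off + sizeof(struct nhdr), "GNU", 4) == 0) {
            size_t n = h.n_descsz < out_max ? h.n_descsz : out_max;
            memcpy(out, notes + off + sizeof(struct nhdr) + name_al, n);
            return (int)n;
        }
        off = next;
    }
    return 0;
}

/* Constructed note segment: a type-1 note followed by an NT_GNU_BUILD_ID
 * note carrying a constructed 8-byte build ID. */
static const uint8_t sample_notes[] = {
    4,0,0,0, 16,0,0,0, 1,0,0,0, 'G','N','U',0,
    0,0,0,0, 3,0,0,0, 0,0,0,0, 0,0,0,0,
    4,0,0,0, 8,0,0,0, 3,0,0,0, 'G','N','U',0,
    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
};

/* Constructed malformed segment: n_namesz = 0xFFFFFFFF, n_descsz = 4. */
static const uint8_t bogus_notes[] = {
    0xff,0xff,0xff,0xff, 4,0,0,0, 3,0,0,0, 'G','N','U',0,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
};

/* Returns 1 if the sample segment yields the expected 8-byte build ID. */
int sample_build_id_ok(void)
{
    uint8_t out[64];
    int n = find_build_id(sample_notes, sizeof sample_notes, out, sizeof out);
    if (n != 8)
        return 0;
    for (int i = 0; i < 8; i++)
        if (out[i] != (uint8_t)(i + 1))
            return 0;
    return 1;
}

/* Returns 1 if the hardened walk rejects the bogus header. */
int bogus_is_rejected(void)
{
    uint8_t out[64];
    return find_build_id(bogus_notes, sizeof bogus_notes, out, sizeof out) == -1;
}

int main(void)
{
    printf("combined check accepts namesz=0xffffffff: %d\n",
           combined_check_accepts(0, 0xFFFFFFFFu, 4, 64));
    printf("sample ok: %d, bogus rejected: %d\n",
           sample_build_id_ok(), bogus_is_rejected());
    return 0;
}
```

The first line of output is the problem in one number: the wrapped header is accepted by the combined check alone, while the per-field bound rejects it before any offset is computed.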
