ref: ae427c00bd74c3fb4949613bb85e0beac2de8acf
parent: 274d10df988f048001306a73fc2528340c50b10e
author: Roberto E. Vargas Caballero <k0ga@shike2.com>
date: Fri Nov 24 11:55:05 EST 2017
[nm] Add more overflow checks
--- a/nm/main.c
+++ b/nm/main.c
@@ -1,6 +1,8 @@
static char sccsid[] = "@(#) ./nm/main.c";
#include <errno.h>
+#include <limits.h>
+#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -58,16 +60,37 @@
nm(char *fname, char *member, FILE *fp)
{
struct myrohdr hdr;
- size_t n;
+ struct myrosym *syms;
+ size_t n, siz;
- if (rdmyrohdr(fp, &hdr) < 0)
+ if (rdmyrohdr(fp, &hdr) < 0) {
+ fprintf(stderr, "nm: %s: incorrect header\n", member);
return;
+ }
+ if (hdr.symsize / MYROSYM_SIZ > SIZE_MAX)
+ goto too_big;
+
n = hdr.symsize / MYROSYM_SIZ;
if (n == 0) {
fprintf(stderr, "nm: %s: no name list\n", member);
return;
}
+
+ if (n > SIZE_MAX / sizeof(struct myrosym))
+ goto too_big;
+
+ siz = n * sizeof(struct myrosym);
+ syms = xmalloc(n);
+
+ while (n--)
+ ;
+
+ return;
+
+too_big:
+ fprintf(stderr, "nm: %s: too big symbol table\n", member);
+ return;
}
static void
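Review bot: The allocation `syms = xmalloc(n);` requests n bytes (assuming xmalloc takes a byte count like malloc) rather than the `siz` bytes that the preceding `n > SIZE_MAX / sizeof(struct myrosym)` check makes safe to compute, so `siz` is assigned and never used. Once the placeholder `while (n--) ;` loop is filled in to store n `struct myrosym` entries, anything written past the first n bytes would overrun the heap buffer; the line should read `syms = xmalloc(siz);`. `syms` is also never released before the `return` that follows the loop, so a `free(syms);` belongs there when the loop body lands. Separately, the `hdr.symsize / MYROSYM_SIZ > SIZE_MAX` guard can only fire if `hdr.symsize` has a type wider than `size_t`, which is not visible in this hunk, and a `symsize` that is not a multiple of `MYROSYM_SIZ` is silently rounded down instead of being rejected as a malformed header.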