summaryrefslogtreecommitdiff
path: root/usr/src/cmd
diff options
context:
space:
mode:
authorRichard Lowe <richlowe@richlowe.net>2014-11-25 20:47:23 -0500
committerRichard Lowe <richlowe@richlowe.net>2015-01-09 13:28:13 -0500
commit98cadd320d4521e7438bc624f89adef498589add (patch)
tree3aa3e7ba3fda9494278c51c312353f88f4c72946 /usr/src/cmd
parentfe319232d24f4ae183730a5a24a09423d8ab4429 (diff)
downloadillumos-gate-98cadd320d4521e7438bc624f89adef498589add.tar.gz
5507 libelf may overflow data buffer when translating data to memory representation
Reviewed by: Gordon Ross <gwr@nexenta.com> Reviewed by: Igor Kozhukhov <ikozhukhov@gmail.com> Approved by: Robert Mustacchi <rm@joyent.com>
Diffstat (limited to 'usr/src/cmd')
-rw-r--r--usr/src/cmd/sgs/libelf/common/clscook.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/usr/src/cmd/sgs/libelf/common/clscook.c b/usr/src/cmd/sgs/libelf/common/clscook.c
index f43d9a688c..12389c0dff 100644
--- a/usr/src/cmd/sgs/libelf/common/clscook.c
+++ b/usr/src/cmd/sgs/libelf/common/clscook.c
@@ -27,8 +27,6 @@
/* Copyright (c) 1988 AT&T */
/* All Rights Reserved */
-#pragma ident "%Z%%M% %I% %E% SMI"
-
/*
* This stuff used to live in cook.c, but was moved out to
* facilitate dual (Elf32 and Elf64) compilation. See block
@@ -39,6 +37,7 @@
#include <ar.h>
#include <stdlib.h>
#include <errno.h>
+#include <sys/sysmacros.h>
#include "decl.h"
#include "member.h"
#include "msg.h"
@@ -177,7 +176,7 @@ _elf_cookscn(Elf_Scn * s)
d->db_data.d_off = 0;
fsz = elf_fsize(d->db_data.d_type, 1, elf->ed_version);
msz = _elf_msize(d->db_data.d_type, elf->ed_version);
- d->db_data.d_size = (sh->sh_size / fsz) * msz;
+ d->db_data.d_size = MAX(sh->sh_size, (sh->sh_size / fsz) * msz);
d->db_shsz = sh->sh_size;
d->db_raw = 0;
d->db_buf = 0;