[PULL 08/24] elf2dmp: check array bounds in pdb_get_file

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 08/24] elf2dmp: check array bounds in pdb_get_file_size

From:	Peter Maydell
Subject:	[PULL 08/24] elf2dmp: check array bounds in pdb_get_file_size
Date:	Thu, 19 Oct 2023 14:35:21 +0100

From: Viktor Prutyanov <viktor@daynix.com>

Index in file_size array must be checked against num_files, because the
entries we are looking for may be absent in the PDB.

Fixes: Coverity CID 1521597
Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230930235317.11469-3-viktor@daynix.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 contrib/elf2dmp/pdb.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/contrib/elf2dmp/pdb.c b/contrib/elf2dmp/pdb.c
index 6ca5086f02e..8e3c18c82f7 100644
--- a/contrib/elf2dmp/pdb.c
+++ b/contrib/elf2dmp/pdb.c
@@ -25,6 +25,10 @@
 
 static uint32_t pdb_get_file_size(const struct pdb_reader *r, unsigned idx)
 {
+    if (idx >= r->ds.toc->num_files) {
+        return 0;
+    }
+
     return r->ds.toc->file_size[idx];
 }
 
@@ -159,16 +163,17 @@ static void *pdb_ds_read_file(struct pdb_reader* r, 
uint32_t file_number)
 
 static int pdb_init_segments(struct pdb_reader *r)
 {
-    char *segs;
     unsigned stream_idx = r->segments;
 
-    segs = pdb_ds_read_file(r, stream_idx);
-    if (!segs) {
+    r->segs = pdb_ds_read_file(r, stream_idx);
+    if (!r->segs) {
         return 1;
     }
 
-    r->segs = segs;
     r->segs_size = pdb_get_file_size(r, stream_idx);
+    if (!r->segs_size) {
+        return 1;
+    }
 
     return 0;
 }
-- 
2.34.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 23/24] hw/timer/npcm7xx_timer: Prevent timer from counting down past zero, (continued)
- [PULL 23/24] hw/timer/npcm7xx_timer: Prevent timer from counting down past zero, Peter Maydell, 2023/10/19
- [PULL 16/24] hw/arm/smmuv3: Update ID register bit field definitions, Peter Maydell, 2023/10/19
- [PULL 17/24] hw/arm/smmuv3: Sort ID register setting into field order, Peter Maydell, 2023/10/19
- [PULL 24/24] contrib/elf2dmp: Use g_malloc(), g_new() and g_free(), Peter Maydell, 2023/10/19
- [PULL 18/24] hw/arm/smmuv3: Advertise SMMUv3.1-XNX feature, Peter Maydell, 2023/10/19
- [PULL 19/24] target/arm: Implement FEAT_HPMN0, Peter Maydell, 2023/10/19
- [PULL 03/24] xlnx-bbram: hw/nvram: Remove deprecated device reset, Peter Maydell, 2023/10/19
- [PULL 04/24] xlnx-zynqmp-efuse: hw/nvram: Remove deprecated device reset, Peter Maydell, 2023/10/19
- [PULL 05/24] xlnx-versal-efuse: hw/nvram: Remove deprecated device reset, Peter Maydell, 2023/10/19
- [PULL 06/24] xlnx-bbram: hw/nvram: Use dot in device type name, Peter Maydell, 2023/10/19
- [PULL 08/24] elf2dmp: check array bounds in pdb_get_file_size, Peter Maydell <=
- [PULL 15/24] target/arm: Permit T32 LDM with single register, Peter Maydell, 2023/10/19
- [PULL 22/24] target/arm/arm-powerctl: Correctly init CPUs when powered on to lower EL, Peter Maydell, 2023/10/19
- [PULL 20/24] target/arm/kvm64.c: Remove unused include, Peter Maydell, 2023/10/19
- Re: [PULL 00/24] target-arm queue, Stefan Hajnoczi, 2023/10/20

Prev by Date: [PULL 06/24] xlnx-bbram: hw/nvram: Use dot in device type name
Next by Date: [PULL 15/24] target/arm: Permit T32 LDM with single register
Previous by thread: [PULL 06/24] xlnx-bbram: hw/nvram: Use dot in device type name
Next by thread: [PULL 15/24] target/arm: Permit T32 LDM with single register
Index(es):
- Date
- Thread