authorIan Lance Taylor <iant@golang.org>2024-03-02 12:15:49 -0800
committerIan Lance Taylor <iant@golang.org>2024-03-02 12:17:18 -0800
commitc4f82ec6b4633a6024f895c925e5e69717084742 (patch)
treec25df3a5569b2da88bf8baf319986dc87d928d4a
parent9ca5e579d3e1acdbf0519f7a43928ecc9bb0193f (diff)
libbacktrace: skip all LZMA block header padding bytes
Fixes https://github.com/ianlancetaylor/libbacktrace/issues/118 * elf.c (elf_uncompress_lzma_block): Skip all header padding bytes and verify that they are zero.
-rw-r--r--libbacktrace/elf.c18
1 files changed, 10 insertions, 8 deletions
diff --git a/libbacktrace/elf.c b/libbacktrace/elf.c
index f4527e2477d..7841c86cd9c 100644
--- a/libbacktrace/elf.c
+++ b/libbacktrace/elf.c
@@ -5568,6 +5568,7 @@ elf_uncompress_lzma_block (const unsigned char *compressed,
uint64_t header_compressed_size;
uint64_t header_uncompressed_size;
unsigned char lzma2_properties;
+ size_t crc_offset;
uint32_t computed_crc;
uint32_t stream_crc;
size_t uncompressed_offset;
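Review bot: The new `size_t crc_offset;` declaration carries no comment, and the invariant it relies on is not checked where the variable is later used: the second hunk replaces the old `off + 4 > compressed_size` bound with a bound on `crc_offset`, so the CRC read at `off` that follows the padding loop is only covered by that check when `off <= crc_offset` holds on entry to the loop. If the preceding header-field parsing (outside these hunks) cannot advance `off` past the declared block header size, a comment on this declaration should say so, e.g. `size_t crc_offset; /* Offset of the block header CRC32; off never exceeds it after field parsing. */`; if that is not guaranteed, reject the header before the loop with `if (unlikely (off > crc_offset)) { elf_uncompress_failed (); return 0; }`. elf_uncompress_lzma_block starts before this hunk and its body continues past the end of the visible diff.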
@@ -5671,19 +5672,20 @@ elf_uncompress_lzma_block (const unsigned char *compressed,
/* The properties describe the dictionary size, but we don't care
what that is. */
- /* Block header padding. */
- if (unlikely (off + 4 > compressed_size))
+ /* Skip to just before CRC, verifying zero bytes in between. */
+ crc_offset = block_header_offset + block_header_size - 4;
+ if (unlikely (crc_offset + 4 > compressed_size))
{
elf_uncompress_failed ();
return 0;
}
-
- off = (off + 3) &~ (size_t) 3;
-
- if (unlikely (off + 4 > compressed_size))
+ for (; off < crc_offset; off++)
{
- elf_uncompress_failed ();
- return 0;
+ if (compressed[off] != 0)
+ {
+ elf_uncompress_failed ();
+ return 0;
+ }
}
/* Block header CRC. */