authorjsg <jsg@openbsd.org>2017-10-05 03:06:14 +0000
committerjsg <jsg@openbsd.org>2017-10-05 03:06:14 +0000
commitc4904c3d1d77358b60afbce427a25cca3383e88f (patch)
tree1907cb7ec374d02d55039940ffee00c36478c967 /usr.bin/ctfdump
parentsync elf.c with ctfconv (diff)
add boundary tests to avoid some crashes found with afl
ok mpi@
Diffstat (limited to 'usr.bin/ctfdump')
-rw-r--r--usr.bin/ctfdump/ctfdump.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/usr.bin/ctfdump/ctfdump.c b/usr.bin/ctfdump/ctfdump.c
index 88c05e1fd1f..4f406334b57 100644
--- a/usr.bin/ctfdump/ctfdump.c
+++ b/usr.bin/ctfdump/ctfdump.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ctfdump.c,v 1.9 2017/10/05 02:59:39 jsg Exp $ */
+/* $OpenBSD: ctfdump.c,v 1.10 2017/10/05 03:06:14 jsg Exp $ */
/*
* Copyright (c) 2016 Martin Pieuchot <mpi@openbsd.org>
@@ -181,6 +181,9 @@ elf_idx2sym(size_t *idx, uint8_t type)
if (ELF_ST_TYPE(st->st_info) != type)
continue;
+ if (st->st_name >= strtabsz)
+ break;
+
*idx = i;
return strtab + st->st_name;
}
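Review bot: The added `st->st_name >= strtabsz` test in elf_idx2sym bounds only the first byte of the name, while the function still returns `strtab + st->st_name` for callers to read as a C string. If the string table's last byte is not NUL, that read can run past the table; whether termination is verified where strtab is loaded is not visible in this hunk. If it is not, a guard before the loop such as `if (strtabsz == 0 || strtab[strtabsz - 1] != '\0') return NULL;` would close the gap. It is also worth a one-line comment on why a bad symbol uses `break` here while the elf_dump hunk skips a bad section with `continue`. The function body begins outside the hunk.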
@@ -220,6 +223,9 @@ elf_dump(char *p, size_t filesize, uint8_t flags)
if (strncmp(shstab + sh->sh_name, ELF_CTF, strlen(ELF_CTF)))
continue;
+ if ((sh->sh_offset + sh->sh_size) > filesize)
+ continue;
+
if (!isctf(p + sh->sh_offset, sh->sh_size))
break;
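Review bot: The added bound `(sh->sh_offset + sh->sh_size) > filesize` in elf_dump can wrap around when both header fields come from the file and are large, so a malformed section header could pass the test and still reach `isctf(p + sh->sh_offset, sh->sh_size)` with an out-of-range pointer. Writing the comparison without the addition avoids the wrap: `if (sh->sh_offset > filesize || sh->sh_size > filesize - sh->sh_offset) continue;`. The `strncmp(shstab + sh->sh_name, ...)` line above also uses `sh_name` with no bound visible here; that may be checked earlier, outside this hunk. The surrounding loop starts and ends outside the hunk.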