Validate offsets before passing into file_seek().
author
Ben Pfaff
<blp@cs.stanford.edu>
Wed, 8 Dec 2004 00:17:58 +0000
(
00:17
+0000)
committer
Ben Pfaff
<blp@cs.stanford.edu>
Wed, 8 Dec 2004 00:17:58 +0000
(
00:17
+0000)
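--- a/src/userprog/process.c
+++ b/src/userprog/process.c
@@ -240,7 +240,10 @@ load (const char *filename, void (**eip) (void), void **esp)
 {
 struct Elf32_Phdr phdr;
+ if (file_ofs < 0 || file_ofs > file_length (file))
+ LOAD_ERROR (("bad file offset %ld", (long) file_ofs));
 file_seek (file, file_ofs);
+
 if (file_read (file, &phdr, sizeof phdr) != sizeof phdr)
 LOAD_ERROR (("error reading program header"));
 file_ofs += sizeof phdr;
@@ -316,6 +319,13 @@ load_segment (struct file *file, const struct Elf32_Phdr *phdr)
 return false;
 }
+ /* p_offset must point within file. */
+ if (phdr->p_offset < 0 || phdr->p_offset > file_length (file))
+ {
+ printf ("bad p_offset %"PE32Ox, phdr->p_offset);
+ return false;
+ }
+
 /* [ELF1] 2-3 says that p_memsz must be at least as big as
 p_filesz. */
 if (phdr->p_memsz < phdr->p_filesz)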
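Review bot: The new range check in front of file_seek() (the `+ if (file_ofs < 0 || file_ofs > file_length (file))` line) carries no comment, unlike the matching check added in load_segment(), so a reader cannot tell why it is needed or why an offset equal to file_length(file) is deliberately accepted. I would add `/* file_ofs is derived from the ELF header, so reject it before file_seek() sees it; an offset at EOF is allowed because the resulting short read is caught by the file_read() check below. */` — the claim about file_seek() comes from the commit title rather than from anything visible here, so confirm it really rejects out-of-range offsets before wording the comment that way. If `file_ofs` (declared outside this hunk) were an unsigned type the `< 0` half of the test would be dead; the `(long)` cast in the LOAD_ERROR message suggests it is signed, which is fine. The enclosing load() starts and continues outside this hunk.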
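Review bot: The `phdr->p_offset < 0` half of the new test is dead if Elf32_Off is an unsigned type, which the `PE32Ox` hex format in the printf suggests; it is harmless but misleading, and the check it sits in only bounds the start of the segment, so a header whose `p_offset` lies inside the file but whose `p_filesz` runs past EOF still passes. `if (phdr->p_offset > file_length (file) || phdr->p_filesz > file_length (file) - phdr->p_offset)` rejects both cases without letting the subtraction underflow; whether the later read of p_filesz bytes already tolerates a short read is outside this hunk and would decide how much this matters. The printf diagnostic also lacks a trailing `\n`, unlike the LOAD_ERROR path used for the same condition in load(). load_segment() begins and continues outside this hunk.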