ReadPadSegmentNote: Skip PT_NOTEs that are beyond the end of the file
Some obfuscated ELFs have PT_NOTE headers that are past the end of the file. Skip parsing these for crt_pad_segment note, as accesses beyond the file will cause a SIGBUS.

Bug: 331717625
Test: Manual - Launch Guns up app
Change-Id: I39365064e6c1538b0be1114479557d94a72ee369
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
parent 8ba5f48907
commit 751bb8ae9d
1 changed files with 10 additions and 0 deletions
|
@ -724,6 +724,16 @@ bool ElfReader::ReadPadSegmentNote() {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If the PT_NOTE extends beyond the file. The ELF is doing something
|
||||||
|
// strange -- obfuscation, embedding hidden loaders, ...
|
||||||
|
//
|
||||||
|
// It doesn't contain the pad_segment note. Skip it to avoid SIGBUS
|
||||||
|
// by accesses beyond the file.
|
||||||
|
off64_t note_end_off = file_offset_ + phdr->p_offset + phdr->p_filesz;
|
||||||
|
if (note_end_off > file_size_) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
// note_fragment is scoped to within the loop so that there is
|
// note_fragment is scoped to within the loop so that there is
|
||||||
// at most 1 PT_NOTE mapped at anytime during this search.
|
// at most 1 PT_NOTE mapped at anytime during this search.
|
||||||
MappedFileFragment note_fragment;
|
MappedFileFragment note_fragment;
|
||||||
|
|
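Review bot: The new check `if (note_end_off > file_size_)` can be bypassed by integer wraparound, because `file_offset_ + phdr->p_offset + phdr->p_filesz` sums fields taken from the program header of a file the comment itself describes as obfuscated, and stores the result in a signed `off64_t`. If `p_offset` or `p_filesz` is large enough for the sum to wrap, `note_end_off` ends up small or negative, the `continue` is not taken, and the segment still goes on to `MappedFileFragment note_fragment`, which is the beyond-the-file access this change is meant to avoid. Suggest performing the addition with overflow detection (for example `__builtin_add_overflow`) and skipping the PT_NOTE when it overflows, or validating `p_offset` and `p_filesz` separately against the remaining file size before adding them. Minor style point: the first comment sentence is a fragment; "If the PT_NOTE extends beyond the file, the ELF is doing something strange" would read correctly.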