read_dylink_0_section: fix a buffer overrun

found by examples/fuzz
yamt · Jun 17, 2024 · d6a64b8 · d6a64b8
1 parent f062da6
commit d6a64b8
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/lib/module.c b/lib/module.c
@@ -2007,7 +2007,12 @@ read_dylink_0_section(const uint8_t **pp, const uint8_t *ep,
                 if (ret != 0) {
                         goto fail;
                 }
+                if (ep - p < payload_len) {
+                        ret = E2BIG;
+                        goto fail;
+                }
                 const uint8_t *sep = p + payload_len;
+                assert(sep <= ep);
                 unsigned int i;
                 for (i = 0; i < ARRAYCOUNT(dylink_subsections); i++) {
                         const struct dylink_subsection *ss =