authorSaleem Abdulrasool <compnerd@compnerd.org>2021-08-26 15:33:04 +0000
committerSaleem Abdulrasool <compnerd@compnerd.org>2021-08-26 15:33:04 +0000
commit719e929e638b884b99de2a90dad6c2b47a643969 (patch)
tree2404e20d72f2039af102418eed40a0155441e5e4 /fesvr/elfloader.cc
parentfe7a62599bd1f76ddf58fceeb32ec05ab2165452 (diff)
fesvr: avoid an invalid memory access
`std::vector::operator[]` does not perform a bounds check when accessing the underlying memory. If the length of the padding is 0, this would access an invalid memory location. Guard against this by ensuring that we have any padding to apply by constant hoisting the length computation and checking the value.
Diffstat (limited to 'fesvr/elfloader.cc')
-rw-r--r--fesvr/elfloader.cc8
1 files changed, 5 insertions, 3 deletions
diff --git a/fesvr/elfloader.cc b/fesvr/elfloader.cc
index b31e2be..e5e2c6d 100644
--- a/fesvr/elfloader.cc
+++ b/fesvr/elfloader.cc
@@ -53,9 +53,11 @@ std::map<std::string, uint64_t> load_elf(const char* fn, memif_t* memif, reg_t*
memif->write(bswap(ph[i].p_paddr), bswap(ph[i].p_filesz), \
(uint8_t*)buf + bswap(ph[i].p_offset)); \
} \
- zeros.resize(bswap(ph[i].p_memsz) - bswap(ph[i].p_filesz)); \
- memif->write(bswap(ph[i].p_paddr) + bswap(ph[i].p_filesz), \
- bswap(ph[i].p_memsz) - bswap(ph[i].p_filesz), &zeros[0]); \
+ if (size_t pad = bswap(ph[i].p_memsz) - bswap(ph[i].p_filesz)) { \
+ zeros.resize(pad); \
+ memif->write(bswap(ph[i].p_paddr) + bswap(ph[i].p_filesz), pad, \
+ &zeros[0]); \
+ } \
} \
} \
shdr_t* sh = (shdr_t*)(buf + bswap(eh->e_shoff)); \
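Review bot: The new `if (size_t pad = ...)` guard skips only the zero-length case; when a program header carries a `p_filesz` larger than `p_memsz` (a malformed or untrusted ELF), the unsigned subtraction wraps and both `zeros.resize(pad)` and the following `memif->write` are driven by a huge length. Nothing visible in the hunk rejects that ordering, so I would test it before computing the pad, for example `if (bswap(ph[i].p_filesz) > bswap(ph[i].p_memsz)) throw std::invalid_argument("p_filesz exceeds p_memsz"); \` (or whatever error path the loader already uses), rather than an `assert` that disappears under NDEBUG. Holding the difference in `size_t` may also truncate a 64-bit segment size on a 32-bit host, so the header field's own width would be a safer type for `pad`. The enclosing macro and `load_elf` begin and end outside the hunk, so an earlier check may already exist there.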