From ec388c16cd4217a64907e4e133d2102cc4fe608a Mon Sep 17 00:00:00 2001
From: Nick Alcock <nick.alcock@oracle.com>
Date: Wed, 3 Jun 2020 17:31:44 +0100
Subject: libctf: error out on corrupt CTF with invalid header flags

If corrupt CTF with invalid header flags is passed in, return the new
error ECTF_FLAGS.

include/
	* ctf-api.h (ECTF_FLAGS): New.
	(ECTF_NERR): Adjust.
	* ctf.h (CTF_F_MAX): New.
libctf/
	* ctf-open.c (ctf_bufopen_internal): Diagnose invalid flags.
---
 libctf/ChangeLog  | 4 ++++
 libctf/ctf-open.c | 3 +++
 2 files changed, 7 insertions(+)

(limited to 'libctf')

diff --git a/libctf/ChangeLog b/libctf/ChangeLog
index 4a10f63..45caf21 100644
--- a/libctf/ChangeLog
+++ b/libctf/ChangeLog
@@ -1,5 +1,9 @@
 2020-07-22  Nick Alcock  <nick.alcock@oracle.com>
 
+	* ctf-open.c (ctf_bufopen_internal): Diagnose invalid flags.
+
+2020-07-22  Nick Alcock  <nick.alcock@oracle.com>
+
 	ctf-decls.h (ctf_qsort_compar_thunk): Fix arg passing.
 
 2020-07-22  Nick Alcock  <nick.alcock@oracle.com>
diff --git a/libctf/ctf-open.c b/libctf/ctf-open.c
index b7846bd..f8eeaab 100644
--- a/libctf/ctf-open.c
+++ b/libctf/ctf-open.c
@@ -1384,6 +1384,9 @@ ctf_bufopen_internal (const ctf_sect_t *ctfsect, const ctf_sect_t *symsect,
   if (pp->ctp_version < CTF_VERSION_3)
     hdrsz = sizeof (ctf_header_v2_t);
 
+  if (_libctf_unlikely_ (pp->ctp_flags > CTF_F_MAX))
+    return (ctf_set_open_errno (errp, ECTF_FLAGS));
+
   if (ctfsect->cts_size < hdrsz)
     return (ctf_set_open_errno (errp, ECTF_NOCTFBUF));
 
-- 
cgit v1.1