diff options
| author | Saleem Abdulrasool <compnerd@compnerd.org> | 2021-08-26 15:33:04 +0000 |
|---|---|---|
| committer | Saleem Abdulrasool <compnerd@compnerd.org> | 2021-08-26 15:33:04 +0000 |
| commit | 719e929e638b884b99de2a90dad6c2b47a643969 (patch) | |
| tree | 2404e20d72f2039af102418eed40a0155441e5e4 /fesvr/elfloader.cc | |
| parent | fe7a62599bd1f76ddf58fceeb32ec05ab2165452 (diff) | |
| download | riscv-isa-sim-719e929e638b884b99de2a90dad6c2b47a643969.zip riscv-isa-sim-719e929e638b884b99de2a90dad6c2b47a643969.tar.gz riscv-isa-sim-719e929e638b884b99de2a90dad6c2b47a643969.tar.bz2 | |
fesvr: avoid an invalid memory access
`std::vector::operator[]` does not perform a bounds check when accessing
the underlying memory. If the length of the padding is 0, this would
access an invalid memory location. Guard against this by ensuring that
we have any padding to apply by constant hoisting the length computation
and checking the value.
Diffstat (limited to 'fesvr/elfloader.cc')
| -rw-r--r-- | fesvr/elfloader.cc | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/fesvr/elfloader.cc b/fesvr/elfloader.cc index b31e2be..e5e2c6d 100644 --- a/fesvr/elfloader.cc +++ b/fesvr/elfloader.cc @@ -53,9 +53,11 @@ std::map<std::string, uint64_t> load_elf(const char* fn, memif_t* memif, reg_t* memif->write(bswap(ph[i].p_paddr), bswap(ph[i].p_filesz), \ (uint8_t*)buf + bswap(ph[i].p_offset)); \ } \ - zeros.resize(bswap(ph[i].p_memsz) - bswap(ph[i].p_filesz)); \ - memif->write(bswap(ph[i].p_paddr) + bswap(ph[i].p_filesz), \ - bswap(ph[i].p_memsz) - bswap(ph[i].p_filesz), &zeros[0]); \ + if (size_t pad = bswap(ph[i].p_memsz) - bswap(ph[i].p_filesz)) { \ + zeros.resize(pad); \ + memif->write(bswap(ph[i].p_paddr) + bswap(ph[i].p_filesz), pad, \ + &zeros[0]); \ + } \ } \ } \ shdr_t* sh = (shdr_t*)(buf + bswap(eh->e_shoff)); \ |