Detect circular DT_HASH and DT_GNUHASH lookup

https://github.com/upx/upx/issues/775 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65811&q=label%3AProj-upx https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65840&q=label%3AProj-upx
2024-01-25 15:05:53 -08:00
parent 10807ebdc2
commit b48f870701
1 changed files with 8 additions and 0 deletions
@@ -8179,12 +8179,16 @@ Elf32_Sym const *PackLinuxElf32::elf_lookup(char const *name) const
        }
        if (nbucket) {
            unsigned const m = elf_hash(name) % nbucket;
            unsigned nvisit = 0;
            unsigned si;
            for (si= get_te32(&buckets[m]); 0!=si; si= get_te32(&chains[si])) {
                char const *const p= get_dynsym_name(si, (unsigned)-1);
                if (0==strcmp(name, p)) {
                    return &dynsym[si];
                }
                if (nbucket <= ++nvisit) {
                    throwCantPack("circular DT_HASH chain %d\n", si);
                }
            }
        }
    }
@@ -8261,12 +8265,16 @@ Elf64_Sym const *PackLinuxElf64::elf_lookup(char const *name) const
        }
        if (nbucket) { // -rust-musl can have "empty" hashtab
            unsigned const m = elf_hash(name) % nbucket;
            unsigned nvisit = 0;
            unsigned si;
            for (si= get_te32(&buckets[m]); 0!=si; si= get_te32(&chains[si])) {
                char const *const p= get_dynsym_name(si, (unsigned)-1);
                if (0==strcmp(name, p)) {
                    return &dynsym[si];
                }
                if (nbucket <= ++nvisit) {
                    throwCantPack("circular DT_HASH chain %d\n", si);
                }
            }
        }
    }