elftools: StringTableSection: Check table size before returning string
Some ELF files have strings pointing to an offset outside the string
table dimension, let's throw an exception in that case.
BUG=chromium:788925
TEST=sudo /mnt/host/source/chromite/bin/test_image --board edgar \
chromiumos_base_image_R64-10166.0.0-rc1.bin
=> Succeeds
TEST=sudo /mnt/host/source/chromite/bin/test_image --board edgar \
chromiumos_base_image_R64-10166.0.0-rc2.bin
=> Fails with a clearer error message than currently
Change-Id: Id6919d29f5f4c14f03b11ff540adf63dc1fe9c6f
Reviewed-on: https://chromium-review.googlesource.com/792553
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/elftools/elf/sections.py b/elftools/elf/sections.py
index 1380d6b..05150ab 100644
--- a/elftools/elf/sections.py
+++ b/elftools/elf/sections.py
@@ -64,7 +64,17 @@
""" Get the string stored at the given offset in this string table.
"""
table_offset = self['sh_offset']
+ table_size = self['sh_size']
+
+ elf_assert(offset < table_size,
+ 'Expected string offset %x < table size %x' %
+ (offset, table_size))
+
s = parse_cstring_from_stream(self.stream, table_offset + offset)
+
+ elf_assert((offset + len(s)) < table_size,
+ 'Expected string offset + length %x < table size %x' %
+ (offset + len(s), table_size))
return s