libelf: Correct overflow check in note_xlate.
We want to make sure the note_len doesn't overflow and becomes shorter
than the note header. But the namesz and descsz checks got the note header
size wrong). Replace the wrong constant (8) with a sizeof cvt_Nhdr (12).
https://sourceware.org/bugzilla/show_bug.cgi?id=24084
Signed-off-by: Mark Wielaard <mark@klomp.org>
diff --git a/libelf/note_xlate.h b/libelf/note_xlate.h
index 9bdc3e2..bc9950f 100644
--- a/libelf/note_xlate.h
+++ b/libelf/note_xlate.h
@@ -46,13 +46,13 @@
/* desc needs to be aligned. */
note_len += n->n_namesz;
note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
- if (note_len > len || note_len < 8)
+ if (note_len > len || note_len < sizeof *n)
break;
/* data as a whole needs to be aligned. */
note_len += n->n_descsz;
note_len = nhdr8 ? NOTE_ALIGN8 (note_len) : NOTE_ALIGN4 (note_len);
- if (note_len > len || note_len < 8)
+ if (note_len > len || note_len < sizeof *n)
break;
/* Copy or skip the note data. */