| From 2cd3bb50e256f5ed5f611ac611d25fe673f2cec3 Mon Sep 17 00:00:00 2001 |
| From: Peter Johnson <johnson.peter@gmail.com> |
| Date: Fri, 11 Aug 2023 10:49:51 +0000 |
| Subject: [PATCH] elf.c: Fix NULL deref on bad xsize expression (#234) |
| |
| CVE: CVE-2023-37732 |
| |
| Upstream-Status: Backport [https://github.com/yasm/yasm/commit/2cd3bb50e256f5ed5f611ac611d25fe673f2cec3] |
| |
| Signed-off-by: Soumya <soumya.sambu@windriver.com> |
| --- |
| modules/objfmts/elf/elf.c | 10 +++++----- |
| 1 file changed, 5 insertions(+), 5 deletions(-) |
| |
| diff --git a/modules/objfmts/elf/elf.c b/modules/objfmts/elf/elf.c |
| index 2486bba8..bab4c9ca 100644 |
| --- a/modules/objfmts/elf/elf.c |
| +++ b/modules/objfmts/elf/elf.c |
| @@ -482,15 +482,15 @@ elf_symtab_write_to_file(FILE *f, elf_symtab_head *symtab, |
| |
| /* get size (if specified); expr overrides stored integer */ |
| if (entry->xsize) { |
| - size_intn = yasm_intnum_copy( |
| - yasm_expr_get_intnum(&entry->xsize, 1)); |
| - if (!size_intn) { |
| + yasm_intnum *intn = yasm_expr_get_intnum(&entry->xsize, 1); |
| + if (!intn) { |
| yasm_error_set(YASM_ERROR_VALUE, |
| N_("size specifier not an integer expression")); |
| yasm_errwarn_propagate(errwarns, entry->xsize->line); |
| - } |
| + } else |
| + size_intn = yasm_intnum_copy(intn); |
| } |
| - else |
| + if (!size_intn) |
| size_intn = yasm_intnum_create_uint(entry->size); |
| |
| /* get EQU value for constants */ |
| -- |
| 2.40.0 |