svn commit: r326143 - head/stand/common

Warner Losh imp at FreeBSD.org
Fri Nov 24 05:00:26 UTC 2017


Author: imp
Date: Fri Nov 24 05:00:25 2017
New Revision: 326143
URL: https://svnweb.freebsd.org/changeset/base/326143

Log:
  Fix theoretical integer overflow issues. If the product here is
  greater than 2^31-1, then the result will be huge. This is unlikely,
  as we don't support that many sections, but out of an abundance of
  caution cast to size_t so the multiplication won't overflow
  mysteriously when size_t is larger than 32-bits. The resulting code
  may be a smidge larger, but this isn't super-space critical code.
  
  CID: 1194216, 1194217, 1194222, 1194223, 1265018, 1265019, 1265020,
       1265021
  Sponsored by: Netflix

Modified:
  head/stand/common/load_elf.c

Modified: head/stand/common/load_elf.c
==============================================================================
--- head/stand/common/load_elf.c	Fri Nov 24 04:42:21 2017	(r326142)
+++ head/stand/common/load_elf.c	Fri Nov 24 05:00:25 2017	(r326143)
@@ -456,7 +456,7 @@ __elfN(loadimage)(struct preloaded_file *fp, elf_file_
      * think the rule is going to have to be that you must strip a
      * file to remove symbols before gzipping it.
      */
-    chunk = ehdr->e_shnum * ehdr->e_shentsize;
+    chunk = (size_t)ehdr->e_shnum * (size_t)ehdr->e_shentsize;
     if (chunk == 0 || ehdr->e_shoff == 0)
 	goto nosyms;
     shdr = alloc_pread(ef->fd, ehdr->e_shoff, chunk);
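Review bot: the declared type of `chunk` is not visible in this hunk, and the casts on the `chunk = ...` line only help if it is `size_t` or wider; if it is a narrower or signed type, the widened product is truncated again on assignment, so the declaration should be confirmed (or changed) as part of this fix. Separately, both operands come from the header of the file being loaded, and the only check before `alloc_pread(ef->fd, ehdr->e_shoff, chunk)` is `chunk == 0`; consider also rejecting an `e_shentsize` that differs from the section header size the loader expects and capping the total before allocating, so that a malformed header fails early instead of driving a large allocation and read.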
@@ -747,7 +747,7 @@ __elfN(load_modmetadata)(struct preloaded_file *fp, u_
 		goto out;
 	}
 
-	size = ef.ehdr->e_shnum * ef.ehdr->e_shentsize;
+	size = (size_t)ef.ehdr->e_shnum * (size_t)ef.ehdr->e_shentsize;
 	shdr = alloc_pread(ef.fd, ef.ehdr->e_shoff, size);
 	if (shdr == NULL) {
 		err = ENOMEM;
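Review bot: `size` is passed to `alloc_pread(ef.fd, ef.ehdr->e_shoff, size)` with no test for zero or for `e_shoff == 0`, unlike the `chunk == 0 || ehdr->e_shoff == 0` guard in the loadimage hunk, and every NULL return is then reported as `ENOMEM`. Suggest adding the same guard before the read so that a file with no section header table takes its own error path rather than being reported as an allocation failure. As with `chunk`, the casts only remove the overflow if `size` is itself declared `size_t` or wider, which these lines do not show.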

