Code doesn't check entry size before casting
Alan-Jowett opened this issue · 0 comments
Alan-Jowett commented
Here is one example:
https://github.com/serge1/ELFIO/blob/9814eaaa7623e05b1e2dd11794eb6404afac9040/elfio/elfio_relocation.hpp#L341C1-L359C1
Code assumes relocation_section->get_entry_size() > sizeof(T), which can be wrong in the case of a malicious ELF file.
See: microsoft/ebpf-for-windows#3114 for how this was caught.
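The kind of check this issue asks for, as an added example (not ELFIO's code and not part of the original issue): an entry reader that validates the file-supplied entry size and the index before copying the bytes out, shown next to the unchecked cast pattern for contrast. `RelaEntry`, the function names and the sample section data are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical stand-in for a 64-bit relocation record with addend (24 bytes).
struct RelaEntry {
    std::uint64_t r_offset;
    std::uint64_t r_info;
    std::int64_t  r_addend;
};

// Unchecked pattern, for contrast: entry_size comes from the file's section
// header, so a crafted value makes a dereference read past the section data.
template <class T>
const T* entry_unchecked(const std::vector<std::uint8_t>& data,
                         std::size_t entry_size, std::size_t index) {
    return reinterpret_cast<const T*>(data.data() + index * entry_size);
}

// Checked form: validate stride and index before copying the bytes out.
template <class T>
bool read_entry_checked(const std::vector<std::uint8_t>& data,
                        std::size_t entry_size, std::size_t index, T& out) {
    if (entry_size < sizeof(T)) return false;            // stride cannot hold a T (covers 0)
    if (index >= data.size() / entry_size) return false; // whole entry must lie inside data
    // index * entry_size < data.size() here, so the multiplication cannot overflow.
    std::memcpy(&out, data.data() + index * entry_size, sizeof(T)); // avoids alignment issues
    return true;
}

// Constructed sample: section data holding two well-formed 24-byte entries.
std::vector<std::uint8_t> make_sample_section() {
    const RelaEntry entries[2] = {{0x1000, 0x100000002ULL, 4}, {0x2000, 0x200000002ULL, -8}};
    std::vector<std::uint8_t> data(sizeof(entries));
    std::memcpy(data.data(), entries, sizeof(entries));
    return data;
}

int main() {
    std::vector<std::uint8_t> sec = make_sample_section();
    RelaEntry e{};
    std::printf("entry_size=24 index=1 -> %d\n", read_entry_checked(sec, 24, 1, e));
    std::printf("entry_size=8  index=1 -> %d\n", read_entry_checked(sec, 8, 1, e));
    std::printf("entry_size=24 index=2 -> %d\n", read_entry_checked(sec, 24, 2, e));
    return 0;
}
```

The same two conditions also reject a section whose data was truncated so that the last entry is only partly present.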