Re: [Xen-devel] [PATCH 10/16] libelf: check all pointer accesses

[Matthew Daley <mattjd@xxxxxxxxx>]

On Tue, Jun 4, 2013 at 3:41 AM, Ian Jackson <ian.jackson@xxxxxxxxxxxxx> wrote:
> +static int elf_ptrval_in_range(elf_ptrval ptrval, uint64_t size,
> +                               const void *region, uint64_t regionsize)
> +    /*
> +     * Returns true if the putative memory area [ptrval,ptrval+size>
> +     * is completely inside the region [region,region+regionsize>.
> +     *
> +     * ptrval and size are the untrusted inputs to be checked.
> +     * region and regionsize are trusted and must be correct and valid.
> +     */
> +{
> +    elf_ptrval regionp = (elf_ptrval)region;
> +
> +    if ( (ptrval < regionp) ||              /* start is before region */
> +         (ptrval > regionp + regionsize) || /* start is after region */

Should be >=, not >, FWIW.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel