From 2954daf00bb4dc27c69a48e6798d5960ea320741 Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@suse.de>
Date: Tue, 23 Oct 2018 09:40:14 +0200
Subject: Add more checks for valid ld.so.cache file (bug 18093)

---
 elf/cache.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'elf/cache.c')

diff --git a/elf/cache.c b/elf/cache.c
index e63979da7d..c4cd825c30 100644
--- a/elf/cache.c
+++ b/elf/cache.c
@@ -199,6 +199,11 @@ print_cache (const char *cache_name)
     }
   else
     {
+      /* Check for corruption, avoiding overflow.  */
+      if ((cache_size - sizeof (struct cache_file)) / sizeof (struct file_entry)
+	  < cache->nlibs)
+	error (EXIT_FAILURE, 0, _("File is not a cache file.\n"));
+
       size_t offset = ALIGN_CACHE (sizeof (struct cache_file)
 				   + (cache->nlibs
 				      * sizeof (struct file_entry)));
-- 
cgit 1.4.1