Merge pull request #42 from DataDog/rgs/safe-access-parse-program-hea…

…ders use safeaccess to avoid dereferencing unreadable pointers in program headers
DataDog · Nov 8, 2023 · cea7b60 · cea7b60
2 parents 4fe47d3 + 33e2856
commit cea7b60
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/ddprof-lib/src/main/cpp/symbols_linux.cpp b/ddprof-lib/src/main/cpp/symbols_linux.cpp
@@ -31,6 +31,7 @@
 #include "symbols.h"
 #include "dwarf.h"
 #include "log.h"
+#include "safeAccess.h"
 
 
 class SymbolDesc {
@@ -212,9 +213,16 @@ ElfProgramHeader* ElfParser::findProgramHeader(uint32_t type) {
     const char* pheaders = (const char*)_header + _header->e_phoff;
 
     for (int i = 0; i < _header->e_phnum; i++) {
-        ElfProgramHeader* pheader = (ElfProgramHeader*)(pheaders + i * _header->e_phentsize);
-        if (pheader->p_type == type) {
-            return pheader;
+        const char* unvalidated_pheader = pheaders + i * _header->e_phentsize;
+        // check we can load the pointer
+        void* checked = SafeAccess::load((void**) unvalidated_pheader);
+        if (checked == NULL) {
+            return NULL;
+        } else {
+            ElfProgramHeader* pheader = (ElfProgramHeader*) unvalidated_pheader;
+            if (pheader->p_type == type) {
+                return pheader;
+            }
         }
     }