Fix a possible bug which can incur integer overflowaccepted/tizen/unified/x/20240313.092046accepted/tizen/unified/dev/20240620.010930accepted/tizen/unified/20240311.170344tizenaccepted/tizen_unified_xaccepted/tizen_unified_devaccepted/tizen_unified

Since off64_t is a signed 64-bit integer while Elf64_Off is unsigned long long,
assign Elf64_Off-typed value to an off64_t argument can make a integer overflow.
By adding a specific function for unsigned long long type, this possible bug can
be fixed.

This patch fixes a coverity issue (cid: 1758248).

Change-Id: I86fbf69a27afb031568aac3bbc9262c2462cc7b1
Signed-off-by: Sung-hun Kim <sfoon.kim@samsung.com>

1 files changed, 18 insertions, 2 deletions

diff --git a/src/minicoredumper/telf.c b/src/minicoredumper/telf.c
index 8f0241f..42f1b6f 100644
--- a/src/minicoredumper/telf.c
+++ b/src/minicoredumper/telf.c
@@ -31,6 +31,7 @@
 #include <fcntl.h>
 #include <string.h>
 #include <stdarg.h>
+#include <limits.h>
 
 #include "telf.h"
 
@@ -81,6 +82,21 @@ static bool set_offset(Elf *elf, off64_t offset)
 	return true;
 }
 
+static bool set_ull_offset(Elf *elf, Elf64_Off offset)
+{
+	assert(elf);
+
+	if (offset <= LONG_MAX)
+		return set_offset(elf, (off64_t)offset);
+
+	if ((lseek64(elf->fd, LONG_MAX, SEEK_SET) == (off64_t)-1) ||
+		(lseek64(elf->fd, (off64_t)(offset - LONG_MAX), SEEK_CUR) == (off64_t)-1)) {
+		set_error(elf, "set file offset error: %m");
+		return false;
+	}
+	return true;
+}
+
 static bool readehdr(Elf *elf, Elf64_Ehdr *ehdr)
 {
 	assert(elf);
@@ -271,7 +287,7 @@ bool teu_getsdata(Elf *elf, Elf64_Shdr *shdr, void *data)
 	assert(shdr);
 	assert(data);
 
-	if (!set_offset(elf, shdr->sh_offset))
+	if (!set_ull_offset(elf, shdr->sh_offset))
 		return false;
 
 	if (read(elf->fd, data, shdr->sh_size) == -1) {
@@ -323,7 +339,7 @@ char *teu_strptr(Elf *elf, int sindex, off64_t offset)
 		return false;
 	}
 
-	if (!set_offset(elf, strsection.sh_offset))
+	if (!set_ull_offset(elf, strsection.sh_offset))
 		return NULL;
 
 	char data[strsection.sh_size];