elf: memory corruption if .elf file is invalid

flyinghead · Oct 5, 2023 · 18f9b84 · 18f9b84
1 parent 56517b0
commit 18f9b84
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/core/reios/reios_elf.cpp b/core/reios/reios_elf.cpp
@@ -15,28 +15,26 @@ bool reios_loadElf(const std::string& elf) {
 	std::fseek(f, 0, SEEK_END);
 	size_t size = std::ftell(f);
 
-	if (size > 16_MB) {
+	if (size == 0 || size > 16_MB) {
 		std::fclose(f);
 		return false;
 	}
 
 	void* elfF = malloc(size);
-	memset(elfF, 0, size);
 
 	std::fseek(f, 0, SEEK_SET);
 	size_t nread = std::fread(elfF, 1, size, f);
 	std::fclose(f);
 
 	elf_t elfFile;
-
-	if (nread != size || elf_newFile(elfF, nread, &elfFile) != 0 || elf_checkFile(&elfFile) != 0)
+	if (nread != size || elf_newFile(elfF, nread, &elfFile) != 0)
 	{
-		free((void*)elfFile.elfFile);
+		free(elfF);
 		return false;
 	}
 
 	bool phys = false;
-	for (int i = 0; i < elf_getNumProgramHeaders(&elfFile); i++)
+	for (size_t i = 0; i < elf_getNumProgramHeaders(&elfFile); i++)
 	{
 		// Load that section
 		uint64_t dest;
@@ -57,7 +55,7 @@ bool reios_loadElf(const std::string& elf) {
 		ptr += len;
 		memset(ptr, 0, elf_getProgramHeaderMemorySize(&elfFile, i) - len);
 	}
-	free((void*)elfFile.elfFile);
+	free(elfF);
 
 	return true;
 }