
heap buffer overflow #15

@elfmaster

Description


A buffer overflow occurs if there is a large enough symbol string table. In the loop, simply add a check to make sure that symstroff does not exceed 8192 * 32; if so, then perhaps realloc to a larger buf size.

        char *strtab = heapAlloc(8192 * 32);
        ...

        for (i = 0; i < fncount; i++) {
                symtab[i].st_value = fdp[i].addr;
                symtab[i].st_size = fdp[i].size;
                symtab[i].st_info = (((STB_GLOBAL) << 4) + ((STT_FUNC) & 0xf));
                symtab[i].st_other = 0;
                symtab[i].st_shndx = text_shdr_index;
                symtab[i].st_name = symstroff;
                sname = xfmtstrdup("sub_%lx", fdp[i].addr);
                /* no bounds check: symstroff can run past the 8192 * 32 bytes of strtab */
                strcpy(&strtab[symstroff], sname);
                symstroff += strlen(sname) + 1;
                free(sname);
        }
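The check-and-realloc the issue asks for, written out as an added example that is not the project's code: a small growable string table replaces the fixed 8192 * 32 byte buffer and the unchecked strcpy, and the names are built from constructed addresses (the strtab_t type, the 16-byte address spacing and the demo_* helpers are assumptions for illustration).

```c
/* Added example, not the project's code: a growable string table in place
 * of the fixed 8192 * 32 byte strtab and the unchecked strcpy from the issue.
 * strtab_t and the synthetic addresses are hypothetical stand-ins. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STRTAB_INIT (8192 * 32)  /* the fixed size the issue describes */
typedef struct { char *buf; size_t len, cap; } strtab_t;  /* len == symstroff */

/* Append name plus its NUL, growing the buffer first when it would not fit.
 * Returns the name's offset (the st_name value), or (size_t)-1 on failure. */
static size_t strtab_add(strtab_t *st, const char *name)
{
    size_t need = strlen(name) + 1, off = st->len;
    if (off + need > st->cap) {                 /* the check the issue asks for */
        size_t ncap = st->cap ? st->cap : STRTAB_INIT;
        while (off + need > ncap)
            ncap *= 2;
        char *nb = realloc(st->buf, ncap);      /* grow instead of overflowing */
        if (!nb)
            return (size_t)-1;
        st->buf = nb;
        st->cap = ncap;
    }
    memcpy(st->buf + off, name, need);          /* now provably in bounds */
    st->len = off + need;
    return off;
}

/* Same loop shape as the issue, over n constructed addresses base + 16*i
 * (the project takes them from its recovered function list instead). */
static int build_names(strtab_t *st, unsigned long base, size_t n)
{
    char sname[32];
    for (size_t i = 0; i < n; i++) {
        snprintf(sname, sizeof sname, "sub_%lx", base + 16 * i);
        if (strtab_add(st, sname) == (size_t)-1)
            return -1;
    }
    return 0;
}

/* Final table length (== last symstroff) and capacity after n names from
 * 0x400000; 0 on failure. Each name is 10 chars, so the length is 11 * n. */
size_t demo_len(size_t n) { strtab_t st = {0}; size_t r = build_names(&st, 0x400000UL, n) ? 0 : st.len; free(st.buf); return r; }
size_t demo_cap(size_t n) { strtab_t st = {0}; size_t r = build_names(&st, 0x400000UL, n) ? 0 : st.cap; free(st.buf); return r; }
```

With 30000 names the table needs 330000 bytes, more than the original 262144, and the buffer doubles instead of being overrun.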
