https://bugs.gentoo.org/526544

From 39c7ac1106be844a5296d3eb5971946cc09ffda0 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Fri, 17 Oct 2014 15:49:00 +0000
Subject: [PATCH] Fix note bounds reading, Francisco Alonso / Red Hat

---
 ChangeLog     | 4 ++++
 src/readelf.c | 9 ++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

2014-10-17  11:48  Christos Zoulas <christos@zoulas.com>

	* fix bounds in note reading (Francisco Alonso / Red Hat)

diff --git a/src/readelf.c b/src/readelf.c
index 08f81f5..9ebdebd 100644
--- a/src/readelf.c
+++ b/src/readelf.c
@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
 	uint32_t namesz, descsz;
 	unsigned char *nbuf = CAST(unsigned char *, vbuf);
 
+	if (xnh_sizeof + offset > size) {
+		/*
+		 * We're out of note headers.
+		 */
+		return xnh_sizeof + offset;
+	}
+
 	(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
 	offset += xnh_sizeof;
 
-- 
2.1.2