elf: report error at the point where it is happening

1 files changed, 15 insertions, 0 deletions

diff --git a/src/link/Elf/Object.zig b/src/link/Elf/Object.zig
index 2bcc56b038..4f390f31fa 100644
--- a/src/link/Elf/Object.zig
+++ b/src/link/Elf/Object.zig
@@ -58,6 +58,17 @@ pub fn parse(self: *Object, elf_file: *Elf) !void {
 
     const gpa = elf_file.base.allocator;
 
+    if (self.data.len < self.header.?.e_shoff or
+        self.data.len < self.header.?.e_shoff + self.header.?.e_shnum * @sizeOf(elf.Elf64_Shdr))
+    {
+        try elf_file.reportParseError2(
+            self.index,
+            "corrupted header: section header table extends past the end of file",
+            .{},
+        );
+        return error.LinkFail;
+    }
+
     const shoff = math.cast(usize, self.header.?.e_shoff) orelse return error.Overflow;
     const shdrs = @as(
         [*]align(1) const elf.Elf64_Shdr,
@@ -66,6 +77,10 @@ pub fn parse(self: *Object, elf_file: *Elf) !void {
     try self.shdrs.ensureTotalCapacityPrecise(gpa, shdrs.len);
 
     for (shdrs) |shdr| {
+        if (self.data.len < shdr.sh_offset or self.data.len < shdr.sh_offset + shdr.sh_size) {
+            try elf_file.reportParseError2(self.index, "corrupted section header", .{});
+            return error.LinkFail;
+        }
         self.shdrs.appendAssumeCapacity(try ElfShdr.fromElf64Shdr(shdr));
     }