From f7449fe7c81adae1905e1840f78f5c009dfe1606 Mon Sep 17 00:00:00 2001
From: Nicolas Boichat <drinkcat@google.com>
Date: Tue, 28 Nov 2017 11:23:23 +0800
Subject: [PATCH] elftools: StringTableSection: Check table size before
 returning string

Some ELF files have strings pointing to an offset outside the string
table dimension, let's throw an exception in that case.

Bug-Url: https://crbug.com/788925
Reviewed-on: https://chromium-review.googlesource.com/792553
---
 elftools/elf/sections.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/elftools/elf/sections.py b/elftools/elf/sections.py
index 3805962e..15578e75 100644
--- a/elftools/elf/sections.py
+++ b/elftools/elf/sections.py
@@ -140,7 +140,19 @@ def get_string(self, offset):
         """ Get the string stored at the given offset in this string table.
         """
         table_offset = self['sh_offset']
+        table_size = self['sh_size']
+        if table_size == 0:
+            return ''
+
+        elf_assert(offset < table_size,
+                   'Expected string offset %x < table size %x' %
+                   (offset, table_size))
+
         s = parse_cstring_from_stream(self.stream, table_offset + offset)
+
+        elf_assert((offset + len(s)) < table_size,
+                   'Expected string offset + length %x < table size %x' %
+                   (offset + len(s), table_size))
         return s.decode('utf-8', errors='replace') if s else ''