fix: harden module parsers against malformed input#34

Merged: azenla merged 2 commits into main from fix/harden-parser on Jun 30, 2026

@azenla azenla commented Jun 30, 2026

Fixes two panics when parsing untrusted/malformed module files:

  • Signature parsing (src/signature/raw.rs): the bounds check omitted the header size, so a crafted signature length could pass validation and underflow the slice offsets.
  • ELF detection (src/object/content.rs): check_elf read bytes 4-6 after only verifying the 4-byte magic, panicking on files shorter than 7 bytes.

azenla added 2 commits June 30, 2026 11:38

  • The bounds check omitted the header size, so a crafted signature length could pass validation and underflow the slice offsets.
  • check_elf indexed bytes 4-6 after only verifying the 4-byte magic, panicking on files shorter than 7 bytes.

@azenla azenla merged commit ab0ba31 into main Jun 30, 2026
6 checks passed
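
The two bug classes this PR describes, shown in hardened form as an added example that is not code from this repository. The trailer layout and the names `split_signature`, `elf_ident` and `sample` are hypothetical and chosen only for illustration.

```rust
// Added illustration, not the project's code. Assumed (hypothetical) layout:
//   file = payload || signature || 12-byte header
// with the signature length as a big-endian u32 in the header's last 4 bytes.
const HEADER_LEN: usize = 12;
const ELF_MAGIC: &[u8] = b"\x7fELF";

/// Splits a file into (payload, signature); None on any inconsistent length.
fn split_signature(data: &[u8]) -> Option<(&[u8], &[u8])> {
    let hdr_start = data.len().checked_sub(HEADER_LEN)?;
    let b = &data[data.len() - 4..]; // in bounds: len >= HEADER_LEN here
    let sig_len = u32::from_be_bytes([b[0], b[1], b[2], b[3]]) as usize;
    // A check that compares sig_len with data.len() alone leaves the header
    // out, so `hdr_start - sig_len` could still underflow. checked_sub bounds
    // sig_len by the bytes that actually precede the header.
    let sig_start = hdr_start.checked_sub(sig_len)?;
    Some((&data[..sig_start], &data[sig_start..hdr_start]))
}

/// Returns e_ident bytes 4..=6 (class, data encoding, version) of an ELF file.
fn elf_ident(data: &[u8]) -> Option<(u8, u8, u8)> {
    if data.get(..4)? != ELF_MAGIC {
        return None;
    }
    // `get` returns None for files shorter than 7 bytes; `data[4]` would panic.
    let id = data.get(4..7)?;
    Some((id[0], id[1], id[2]))
}

/// Constructed sample: 3-byte payload, 2-byte signature, header claiming `sig_len`.
fn sample(sig_len: u32) -> Vec<u8> {
    let mut v = b"abc\x01\x02".to_vec();
    v.extend_from_slice(&[0u8; 8]);
    v.extend_from_slice(&sig_len.to_be_bytes());
    v
}

fn main() {
    println!("{:?}", split_signature(&sample(2))); // consistent length
    println!("{:?}", split_signature(&sample(10))); // 10 <= 17 total, but > 5 available
    println!("{:?}", elf_ident(b"\x7fELF\x02\x01\x01")); // full 7-byte prefix
    println!("{:?}", elf_ident(b"\x7fELF")); // magic only
}
```
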