Prevent memory access to data out the notes' section

.vscode/launch.json

@@ -102,7 +102,7 @@
             "request": "launch",
             "program": "${workspaceFolder}/tests/elfio_fuzzer",
             "args": [
-                "slow-unit-82cabac818b690bc042110f7b073e63462c7553d"
+                "crash-98819328ee414bbba1ee50073d66c0727d60a7af"
             ],
             "cwd": "${workspaceFolder}/tests",
         }

.vscode/tasks.json

@@ -64,7 +64,7 @@
             "args": [
                 "-g",
                 "-O0",
-                "-fsanitize=fuzzer",
+                "-fsanitize=fuzzer,address",
                 "-I..",
                 "elfio_fuzzer.cpp",
                 "-o",
@@ -80,6 +80,25 @@
             "problemMatcher": [
                 "$gcc"
             ]
+        },
+        {
+            "type": "shell",
+            "label": "Fuzzer Tests",
+            "command": "./elfio_fuzzer",
+            "args": [
+                "-jobs=8",
+                "corpus"
+            ],
+            "options": {
+                "cwd": "${workspaceRoot}/tests"
+            },
+            "group": {
+                "kind": "build",
+                "isDefault": true
+            },
+            "problemMatcher": [
+                "$gcc"
+            ]
         }
     ],
     "version": "2.0.0"

elfio/elfio_note.hpp

@@ -145,14 +145,18 @@ class note_section_accessor_template
 
         Elf_Word align = sizeof( Elf_Word );
         while ( current + (Elf_Xword)3 * align <= size ) {
-            note_start_positions.emplace_back( current );
             Elf_Word namesz = convertor( *(const Elf_Word*)( data + current ) );
             Elf_Word descsz = convertor(
                 *(const Elf_Word*)( data + current + sizeof( namesz ) ) );
+            Elf_Word advance =
+                (Elf_Xword)3 * sizeof( Elf_Word ) +
+                ( ( namesz + align - 1 ) / align ) * (Elf_Xword)align +
+                ( ( descsz + align - 1 ) / align ) * (Elf_Xword)align;
+            if ( current + advance <= size ) {
+                note_start_positions.emplace_back( current );
+            }
 
-            current += (Elf_Xword)3 * sizeof( Elf_Word ) +
+            current += advance;
-                       ( ( namesz + align - 1 ) / align ) * (Elf_Xword)align +
-                       ( ( descsz + align - 1 ) / align ) * (Elf_Xword)align;
         }
     }
 

tests/elfio_fuzzer.cpp

@@ -2,15 +2,31 @@
 #include <sstream>
 
 #include <elfio/elfio.hpp>
+#include <elfio/elfio_dump.hpp>
+
 using namespace ELFIO;
 
 extern "C" int LLVMFuzzerTestOneInput( const uint8_t* Data, size_t Size )
 {
     std::string        str( (const char*)Data, Size );
     std::istringstream ss( str );
+    std::ostringstream oss;
 
     elfio elf;
-    elf.load( ss );
+
+    if ( !elf.load( ss ) ) {
+        return 0;
+    }
+
+    dump::header( oss, elf );
+    dump::section_headers( oss, elf );
+    dump::segment_headers( oss, elf );
+    dump::symbol_tables( oss, elf );
+    dump::notes( oss, elf );
+    dump::modinfo( oss, elf );
+    dump::dynamic_tags( oss, elf );
+    dump::section_datas( oss, elf );
+    dump::segment_datas( oss, elf );
 
     return 0;
 }