author | Alan Modra <amodra@gmail.com> | 2019-03-01 09:28:47 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2019-03-01 13:30:38 +1030 |
commit | b24cc4146e4de9f3b66e2e2fb8379db46eff89c9 (patch) | |
tree | 42abb0936ca9a71b8901ea94202d75b4f94c8527 /bfd/peXXigen.c | |
parent | b09e83c1f814a6f218519abeb94aaf45869ba03c (diff) | |
PR24272, out-of-bounds read in pex64_xdata_print_uwd_codes
The fix here is to use an unsigned comparison for
if (a->NumberOfRvaAndSizes > IMAGE_NUMBEROF_DIRECTORY_ENTRIES)
include/
PR 24272
* coff/internal.h (struct internal_extra_pe_aouthdr): Change type
of SizeOfCode, SizeOfInitializedData, and SizeOfUninitializedData
to bfd_vma. Change type of SectionAlignment, FileAlignment,
Reserved1, SizeOfImage, SizeOfHeaders, CheckSum, LoaderFlags,
and NumberOfRvaAndSizes to uint32_t.
bfd/
PR 24272
* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Use unsigned index.
(_bfd_XX_print_private_bfd_data_common): Adjust for type changes.
Diffstat (limited to 'bfd/peXXigen.c')
-rw-r--r-- | bfd/peXXigen.c | 35 |
1 files changed, 17 insertions, 18 deletions
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index e6d1425..77fb493 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -522,15 +522,15 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
 a->NumberOfRvaAndSizes = H_GET_32 (abfd, src->NumberOfRvaAndSizes);
 {
- int idx;
+ unsigned idx;
 /* PR 17512: Corrupt PE binaries can cause seg-faults. */
 if (a->NumberOfRvaAndSizes > IMAGE_NUMBEROF_DIRECTORY_ENTRIES)
 {
 /* xgettext:c-format */
 _bfd_error_handler
- (_("%pB: aout header specifies an invalid number of data-directory entries: %ld"),
- abfd, a->NumberOfRvaAndSizes);
+ (_("%pB: aout header specifies an invalid number of"
+ " data-directory entries: %u"), abfd, a->NumberOfRvaAndSizes);
 bfd_set_error (bfd_error_bad_value);
 /* Paranoia: If the number is corrupt, then assume that the
@@ -2806,12 +2806,13 @@ _bfd_XX_print_private_bfd_data_common (bfd * abfd, void * vfile)
 fprintf (file, "\t(%s)",name);
 fprintf (file, "\nMajorLinkerVersion\t%d\n", i->MajorLinkerVersion);
 fprintf (file, "MinorLinkerVersion\t%d\n", i->MinorLinkerVersion);
- fprintf (file, "SizeOfCode\t\t%08lx\n", (unsigned long) i->SizeOfCode);
- fprintf (file, "SizeOfInitializedData\t%08lx\n",
- (unsigned long) i->SizeOfInitializedData);
- fprintf (file, "SizeOfUninitializedData\t%08lx\n",
- (unsigned long) i->SizeOfUninitializedData);
- fprintf (file, "AddressOfEntryPoint\t");
+ fprintf (file, "SizeOfCode\t\t");
+ bfd_fprintf_vma (abfd, file, i->SizeOfCode);
+ fprintf (file, "\nSizeOfInitializedData\t");
+ bfd_fprintf_vma (abfd, file, i->SizeOfInitializedData);
+ fprintf (file, "\nSizeOfUninitializedData\t");
+ bfd_fprintf_vma (abfd, file, i->SizeOfUninitializedData);
+ fprintf (file, "\nAddressOfEntryPoint\t");
 bfd_fprintf_vma (abfd, file, i->AddressOfEntryPoint);
 fprintf (file, "\nBaseOfCode\t\t");
 bfd_fprintf_vma (abfd, file, i->BaseOfCode);
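Review bot: The bounds check `if (a->NumberOfRvaAndSizes > IMAGE_NUMBEROF_DIRECTORY_ENTRIES)` in the first hunk is only an unsigned comparison because the field's type changes to `uint32_t` in coff/internal.h, which this page (limited to bfd/peXXigen.c) does not show, and nothing at the check records that dependency. I would extend the existing comment, for example `/* PR 17512, PR 24272: Corrupt PE binaries can cause seg-faults. This comparison must stay unsigned. */`, so that a later change of the field's type does not silently reopen the out-of-bounds read named in the commit title. The block continues past the end of the hunk, so the code that uses `idx` cannot be checked from here.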
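Review bot: Printing `SizeOfCode`, `SizeOfInitializedData` and `SizeOfUninitializedData` through `bfd_fprintf_vma` in the second hunk changes the user-visible dump: the old lines used a fixed `%08lx`, while the width written by `bfd_fprintf_vma` presumably follows the BFD's address size. The third hunk goes the other way for `SectionAlignment` and `FileAlignment`, from `bfd_fprintf_vma` to `%08x`. The ChangeLog entry says only "Adjust for type changes", so it is worth stating the output change there and confirming that testsuite expectations and any scripts parsing this output still match. The function body starts and ends outside the hunk.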
@@ -2823,20 +2824,18 @@ _bfd_XX_print_private_bfd_data_common (bfd * abfd, void * vfile)
 fprintf (file, "\nImageBase\t\t");
 bfd_fprintf_vma (abfd, file, i->ImageBase);
- fprintf (file, "\nSectionAlignment\t");
- bfd_fprintf_vma (abfd, file, i->SectionAlignment);
- fprintf (file, "\nFileAlignment\t\t");
- bfd_fprintf_vma (abfd, file, i->FileAlignment);
- fprintf (file, "\nMajorOSystemVersion\t%d\n", i->MajorOperatingSystemVersion);
+ fprintf (file, "\nSectionAlignment\t%08x\n", i->SectionAlignment);
+ fprintf (file, "FileAlignment\t\t%08x\n", i->FileAlignment);
+ fprintf (file, "MajorOSystemVersion\t%d\n", i->MajorOperatingSystemVersion);
 fprintf (file, "MinorOSystemVersion\t%d\n", i->MinorOperatingSystemVersion);
 fprintf (file, "MajorImageVersion\t%d\n", i->MajorImageVersion);
 fprintf (file, "MinorImageVersion\t%d\n", i->MinorImageVersion);
 fprintf (file, "MajorSubsystemVersion\t%d\n", i->MajorSubsystemVersion);
 fprintf (file, "MinorSubsystemVersion\t%d\n", i->MinorSubsystemVersion);
- fprintf (file, "Win32Version\t\t%08lx\n", (unsigned long) i->Reserved1);
- fprintf (file, "SizeOfImage\t\t%08lx\n", (unsigned long) i->SizeOfImage);
- fprintf (file, "SizeOfHeaders\t\t%08lx\n", (unsigned long) i->SizeOfHeaders);
- fprintf (file, "CheckSum\t\t%08lx\n", (unsigned long) i->CheckSum);
+ fprintf (file, "Win32Version\t\t%08x\n", i->Reserved1);
+ fprintf (file, "SizeOfImage\t\t%08x\n", i->SizeOfImage);
+ fprintf (file, "SizeOfHeaders\t\t%08x\n", i->SizeOfHeaders);
+ fprintf (file, "CheckSum\t\t%08x\n", i->CheckSum);
 switch (i->Subsystem)
 {
|
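Review bot: The new `%08x` conversions are handed `uint32_t` fields (`SectionAlignment`, `FileAlignment`, `Reserved1`, `SizeOfImage`, `SizeOfHeaders`, `CheckSum`) with no cast, and the first hunk does the same with `%u` for `NumberOfRvaAndSizes`. That is correct only where `uint32_t` is `unsigned int`; on a host that defines it as `unsigned long` the argument type no longer matches the conversion. An explicit cast keeps every call well-defined, e.g. `fprintf (file, "CheckSum\t\t%08x\n", (unsigned int) i->CheckSum);`, and likewise `(unsigned int) a->NumberOfRvaAndSizes` in the error message. The function body starts and ends outside the hunk.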