diff options
| author | Alan Modra <amodra@gmail.com> | 2021-06-02 14:47:17 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2021-06-02 14:47:17 +0930 |
| commit | 45342c7c91f4c0a737405468ce2999825cb11c9a (patch) | |
| tree | e3c253964aefb603804c2e9c48dfe56384234c75 /bfd | |
| parent | 75bf2c9cf7dc7dad5e99f337a5d4f677e71dadc9 (diff) | |
| download | fsf-binutils-gdb-45342c7c91f4c0a737405468ce2999825cb11c9a.zip fsf-binutils-gdb-45342c7c91f4c0a737405468ce2999825cb11c9a.tar.gz fsf-binutils-gdb-45342c7c91f4c0a737405468ce2999825cb11c9a.tar.bz2 | |
asan: heap buffer overflow in _bfd_elf_parse_attributes
* elf-attrs.c (_bfd_elf_parse_attributes): Break out of loop if
subsection length is too small to cover tag and length field.
Diffstat (limited to 'bfd')
| -rw-r--r-- | bfd/ChangeLog | 5 | ||||
| -rw-r--r-- | bfd/elf-attrs.c | 6 |
2 files changed, 8 insertions, 3 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index fd9721e..7857b70 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2021-06-02 Alan Modra <amodra@gmail.com> + + * elf-attrs.c (_bfd_elf_parse_attributes): Break out of loop if + subsection length is too small to cover tag and length field. + 2021-05-31 Nelson Chu <nelson.chu@sifive.com> Lifang Xia <lifang_xia@c-sky.com> diff --git a/bfd/elf-attrs.c b/bfd/elf-attrs.c index 11a81a3..72c606d 100644 --- a/bfd/elf-attrs.c +++ b/bfd/elf-attrs.c @@ -548,15 +548,15 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr) } else { - subsection_len = 0; p = p_end; + break; } - if (subsection_len == 0) - break; if (subsection_len > section_len) subsection_len = section_len; section_len -= subsection_len; end = orig_p + subsection_len; + if (end < p) + break; switch (tag) { case Tag_File: |