Diffstat (limited to 'bfd')
-rw-r--r-- | bfd/ChangeLog | 7 | ||||
-rw-r--r-- | bfd/peXXigen.c | 29 |
2 files changed, 26 insertions, 10 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index a7fe73c..f12a610 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2015-02-06 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * peXXigen.c (rsrc_print_resource_entries): Add range check for
+ addresses that wrap around the address space.
+ (rsrc_parse_entry): Likewise.
+
 2015-02-03 H.J. Lu <hongjiu.lu@intel.com>
 
 PR ld/12365
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index 45f1937..9feab3b 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -2302,6 +2302,7 @@ rsrc_print_resource_entries (FILE * file,
 bfd_vma rva_bias)
 {
 unsigned long entry, addr, size;
+ bfd_byte * leaf;
 
 if (data + 8 >= regions->section_end)
 return regions->section_end + 1;
@@ -2382,18 +2383,21 @@ rsrc_print_resource_entries (FILE * file,
 regions, rva_bias);
 }
 
- if (regions->section_start + entry + 16 >= regions->section_end)
+ leaf = regions->section_start + entry;
+
+ if (leaf + 16 >= regions->section_end
+ /* PR 17512: file: 055dff7e. */
+ || leaf < regions->section_start)
 return regions->section_end + 1;
 
 fprintf (file, _("%03x %*.s Leaf: Addr: %#08lx, Size: %#08lx, Codepage: %d\n"),
- (int) (entry),
- indent, " ",
- addr = (long) bfd_get_32 (abfd, regions->section_start + entry),
- size = (long) bfd_get_32 (abfd, regions->section_start + entry + 4),
- (int) bfd_get_32 (abfd, regions->section_start + entry + 8));
+ (int) (entry), indent, " ",
+ addr = (long) bfd_get_32 (abfd, leaf),
+ size = (long) bfd_get_32 (abfd, leaf + 4),
+ (int) bfd_get_32 (abfd, leaf + 8));
 
 /* Check that the reserved entry is 0. */
- if (bfd_get_32 (abfd, regions->section_start + entry + 12) != 0
+ if (bfd_get_32 (abfd, leaf + 12) != 0
 /* And that the data address/size is valid too. */
 || (regions->section_start + (addr - rva_bias) + size > regions->section_end))
 return regions->section_end + 1;
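Review bot: The new bound in rsrc_print_resource_entries is evaluated on the pointer `leaf` after it has already been formed from the file-supplied `entry`, so both `leaf + 16 >= regions->section_end` and `leaf < regions->section_start` only fire if pointer arithmetic has wrapped, which is undefined behaviour in C and a comparison the optimizer is entitled to fold away. Range-check the integer offset against the section length before forming the pointer, e.g. `size_t avail = regions->section_end - regions->section_start;` then `if (entry >= avail || avail - entry <= 16) return regions->section_end + 1;` and only afterwards `leaf = regions->section_start + entry;`. The unchanged check a few lines below, `regions->section_start + (addr - rva_bias) + size > regions->section_end`, has the same shape with `addr` and `size` also read from the file, so it presumably carries the same weakness and could be converted to an offset comparison in the same way. rsrc_print_resource_entries starts before and ends after this hunk.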
@@ -3264,9 +3268,14 @@ rsrc_parse_entry (bfd * abfd,
 if (entry->value.leaf == NULL)
 return dataend;
 
- addr = bfd_get_32 (abfd, datastart + val);
- size = entry->value.leaf->size = bfd_get_32 (abfd, datastart + val + 4);
- entry->value.leaf->codepage = bfd_get_32 (abfd, datastart + val + 8);
+ data = datastart + val;
+ if (data < datastart || data >= dataend)
+ return dataend;
+
+ addr = bfd_get_32 (abfd, data);
+ size = entry->value.leaf->size = bfd_get_32 (abfd, data + 4);
+ entry->value.leaf->codepage = bfd_get_32 (abfd, data + 8);
+ /* FIXME: We assume that the reserved field (data + 12) is OK. */
 
 entry->value.leaf->data = bfd_malloc (size);
 if (entry->value.leaf->data == NULL) |
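Review bot: The new guard in rsrc_parse_entry only establishes that `data` itself lies inside [datastart, dataend), but the reads that follow touch `data`, `data + 4` and `data + 8`, so a `val` that lands within the last 11 bytes of the buffer still passes the check and reads past `dataend`. As with the leaf check in rsrc_print_resource_entries, the test also depends on a wrapped pointer comparing low, which is undefined behaviour; compare the offset instead and form the pointer afterwards: `size_t avail = dataend - datastart;` then `if (val > avail || avail - val < 12) return dataend;` followed by `data = datastart + val;` (use 16 if the reserved field the FIXME mentions is ever validated). `size` is still taken from the same file data and handed straight to `bfd_malloc` on the next line without being bounded against the section, which is worth addressing alongside this. rsrc_parse_entry starts before and ends after this hunk.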