PR23147, Heap buffer overflow in pe_print_idata

PR 23147 * peXXigen.c (pe_print_idata): Bound check hint_addr.
author: Alan Modra <amodra@gmail.com> 2018-05-09 13:56:34 +0930
committer: Alan Modra <amodra@gmail.com> 2018-05-09 14:12:56 +0930
commit: 53db9cf9fc363fd8ab3a9d97cdcb2ea1f639a243 (patch)
tree: efa0b04a1b87db759d2ad825ca371627c2c8fc82
parent: 937d92afc38858e21bf2a8dca1262959ee26d7f0 (diff)
download: gdb-53db9cf9fc363fd8ab3a9d97cdcb2ea1f639a243.zip
gdb-53db9cf9fc363fd8ab3a9d97cdcb2ea1f639a243.tar.gz
gdb-53db9cf9fc363fd8ab3a9d97cdcb2ea1f639a243.tar.bz2
2 files changed, 6 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index e478821..f158067 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2018-05-09  Alan Modra  <amodra@gmail.com>
+
+	PR 23147
+	* peXXigen.c (pe_print_idata): Bound check hint_addr.
+
 2018-05-08  Nick Clifton  <nickc@redhat.com>
 
 	PR 22809
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index 5e0acc4..b32cc18 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -1438,7 +1438,7 @@ pe_print_idata (bfd * abfd, void * vfile)
       if (hint_addr == 0)
 	hint_addr = first_thunk;
 
-      if (hint_addr != 0)
+      if (hint_addr != 0 && hint_addr - adj < datasize)
 	{
 	  bfd_byte *ft_data;
 	  asection *ft_section;
author	Alan Modra <amodra@gmail.com>	2018-05-09 13:56:34 +0930
committer	Alan Modra <amodra@gmail.com>	2018-05-09 14:12:56 +0930
commit	53db9cf9fc363fd8ab3a9d97cdcb2ea1f639a243 (patch)
tree	efa0b04a1b87db759d2ad825ca371627c2c8fc82
parent	937d92afc38858e21bf2a8dca1262959ee26d7f0 (diff)
download	gdb-53db9cf9fc363fd8ab3a9d97cdcb2ea1f639a243.zip gdb-53db9cf9fc363fd8ab3a9d97cdcb2ea1f639a243.tar.gz gdb-53db9cf9fc363fd8ab3a9d97cdcb2ea1f639a243.tar.bz2