diff options
| author | Nick Clifton <nickc@redhat.com> | 2019-02-20 17:03:47 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2019-02-20 17:03:47 +0000 |
| commit | 7fc0c668f2aceb8582d74db1ad2528e2bba8a921 (patch) | |
| tree | 4659f56abe2bac3bce2ebad0fcc1cba438ddc38d | |
| parent | 8d18bf796bf70d71eb23f4247e29a1fab5f3c5c7 (diff) | |
| download | gdb-7fc0c668f2aceb8582d74db1ad2528e2bba8a921.zip gdb-7fc0c668f2aceb8582d74db1ad2528e2bba8a921.tar.gz gdb-7fc0c668f2aceb8582d74db1ad2528e2bba8a921.tar.bz2 | |
Fix a illegal memory access fault when parsing a corrupt MIPS option section using readelf.
PR 24243
* readelf.c (process_mips_specific): Check for an options section
that is too small to even contain a single option.
| -rw-r--r-- | binutils/ChangeLog | 3 | ||||
| -rw-r--r-- | binutils/readelf.c | 6 |
2 files changed, 9 insertions, 0 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 1ae5044..1d55610 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -2,6 +2,9 @@ PR 24242 * readelf.c (print_ia64_vms_note): Harden against corrupt notes. + PR 24243 + * readelf.c (process_mips_specific): Check for an options section + that is too small to even contain a single option. 2019-02-20 Alan Modra <amodra@gmail.com> diff --git a/binutils/readelf.c b/binutils/readelf.c index 54d165e..20ebacc 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -16187,6 +16187,12 @@ process_mips_specific (Filedata * filedata) error (_("No MIPS_OPTIONS header found\n")); return FALSE; } + /* PR 24243 */ + if (sect->sh_size < sizeof (* eopt)) + { + error (_("The MIPS options section is too small.\n")); + return FALSE; + } eopt = (Elf_External_Options *) get_data (NULL, filedata, options_offset, 1, sect->sh_size, _("options")); |