diff options
author | Alan Modra <amodra@gmail.com> | 2019-08-07 11:50:28 +0930 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2019-08-07 12:00:06 +0930 |
commit | 906799036a9bcc2b6f27fbcf894092bdc03f6da9 (patch) | |
tree | eadcc6e5a8f73a73db402b7df6bd91c05a560c07 | |
parent | 0cf9feb996cb32939840b13073a49310b1fd71e0 (diff) | |
download | gdb-906799036a9bcc2b6f27fbcf894092bdc03f6da9.zip gdb-906799036a9bcc2b6f27fbcf894092bdc03f6da9.tar.gz gdb-906799036a9bcc2b6f27fbcf894092bdc03f6da9.tar.bz2 |
PR24876, readelf: heap-buffer-overflow in dump_ia64_unwind
PR 24876
* readelf.c (dump_ia64_unwind): Check that buffer is large
enough for "stamp" before reading.
-rw-r--r-- | binutils/ChangeLog | 6 | ||||
-rw-r--r-- | binutils/readelf.c | 3 |
2 files changed, 8 insertions, 1 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 411f835..f60d5ff 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,9 @@ +2019-08-07 Alan Modra <amodra@gmail.com> + + PR 24876 + * readelf.c (dump_ia64_unwind): Check that buffer is large + enough for "stamp" before reading. + 2019-08-05 Nick Clifton <nickc@redhat.com> PR 24874 diff --git a/binutils/readelf.c b/binutils/readelf.c index e785fde..5e18734 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -7574,7 +7574,8 @@ dump_ia64_unwind (Filedata * filedata, struct ia64_unw_aux_info * aux) } offset -= aux->info_addr; /* PR 17531: file: 0997b4d1. */ - if (offset >= aux->info_size) + if (offset >= aux->info_size + || aux->info_size - offset < 8) { warn (_("Invalid offset %lx in table entry %ld\n"), (long) tp->info.offset, (long) (tp - aux->table)); |