diff options
| author | Nick Clifton <nickc@redhat.com> | 2015-02-06 12:59:25 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2015-02-06 13:03:08 +0000 |
| commit | 55325047241cf38dae3c6a577561c740a9024bf3 (patch) | |
| tree | 662ac09d63a5a42bb768e12cdb62760e2eefb4e0 | |
| parent | 9e2dec471006de3e0489a34fbeb922fee1e302af (diff) | |
| download | gdb-55325047241cf38dae3c6a577561c740a9024bf3.zip gdb-55325047241cf38dae3c6a577561c740a9024bf3.tar.gz gdb-55325047241cf38dae3c6a577561c740a9024bf3.tar.bz2 | |
Fix an invalid memory access triggered by running readelf on a fuzzed binary.
PR binutils/17531
* readelf.c (process_mips_specific): Fail if an option has an
invalid size.
| -rw-r--r-- | binutils/ChangeLog | 2 | ||||
| -rw-r--r-- | binutils/readelf.c | 5 |
2 files changed, 4 insertions, 3 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 9e682c1..803bfa8 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -8,6 +8,8 @@ * dwarf.c (xcmalloc): Fail if the arguments are too big. (xcrealloc): Likewise. (xcalloc2): Likewise. + * readelf.c (process_mips_specific): Fail if an option has an + invalid size. 2015-02-05 Alan Modra <amodra@gmail.com> diff --git a/binutils/readelf.c b/binutils/readelf.c index a0d6f32..00bcb1d 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -13880,9 +13880,8 @@ process_mips_specific (FILE * file) if (option->size < sizeof (* eopt) || offset + option->size > sect->sh_size) { - warn (_("Invalid size (%u) for MIPS option\n"), option->size); - option->size = sizeof (* eopt); - break; + error (_("Invalid size (%u) for MIPS option\n"), option->size); + return 0; } offset += option->size; |