authorAlan Modra <amodra@gmail.com>2019-04-11 19:42:31 +0930
committerAlan Modra <amodra@gmail.com>2019-04-11 20:57:09 +0930
commit9bff840e8cc560f5096a43609ed3e0d980733fd9 (patch)
treec94d7d80f89988d7d835301dc64d87797a6b0bf4
parentce12121b63145322b4961bbb2b94b939cb916ba7 (diff)
PR24435, buffer overflow reading dynamic entries
PR 24435 * elflink.c (elf_link_add_object_symbols): Don't read partial dynamic entries from fuzzed objects.
-rw-r--r--bfd/ChangeLog6
-rw-r--r--bfd/elflink.c2
2 files changed, 7 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 022e7c3..a3cdfc6 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2019-04-11 Alan Modra <amodra@gmail.com>
+
+ PR 24435
+ * elflink.c (elf_link_add_object_symbols): Don't read partial
+ dynamic entries from fuzzed objects.
+
2019-04-11 Tamar Christina <tamar.christina@arm.com>
PR ld/24302
diff --git a/bfd/elflink.c b/bfd/elflink.c
index c796e27..8aae980 100644
--- a/bfd/elflink.c
+++ b/bfd/elflink.c
@@ -4076,7 +4076,7 @@ error_free_dyn:
shlink = elf_elfsections (abfd)[elfsec]->sh_link;
for (extdyn = dynbuf;
- extdyn < dynbuf + s->size;
+ extdyn <= dynbuf + s->size - bed->s->sizeof_dyn;
extdyn += bed->s->sizeof_dyn)
{
Elf_Internal_Dyn dyn;
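Review bot: The new bound `dynbuf + s->size - bed->s->sizeof_dyn` in the `for` condition points before `dynbuf` whenever `s->size` is smaller than one dynamic entry, which is the kind of malformed section this fix is meant to tolerate. Forming that pointer is undefined behaviour in C, so the comparison is not guaranteed to end the loop before the first read. Comparing the remaining byte count avoids the out-of-range pointer: `(size_t) (dynbuf + s->size - extdyn) >= bed->s->sizeof_dyn;`. This assumes `dynbuf` and `extdyn` are byte pointers, as the arithmetic suggests; their declarations and the rest of the loop body lie outside the hunk. A one-line comment on the loop stating that a trailing partial entry is deliberately skipped would also help the next reader.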