aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2018-06-20 16:30:05 +0100
committerNick Clifton <nickc@redhat.com>2018-06-20 16:30:05 +0100
commit6077de0645ce12a9c4e99f8839a846b42a535b0a (patch)
tree475cbc867cc962b2f7f4b4f055d220acc7e86994
parent1d554008b3747c6ccaa8e3a08cc797cfade242f3 (diff)
downloadgdb-6077de0645ce12a9c4e99f8839a846b42a535b0a.zip
gdb-6077de0645ce12a9c4e99f8839a846b42a535b0a.tar.gz
gdb-6077de0645ce12a9c4e99f8839a846b42a535b0a.tar.bz2
Fix potential illegal memroy access when using a build-id note with a negative size.
PR 23316 * opncls.c (get_build_id): Check for a negative or excessive data size in the build-id note.
-rw-r--r--bfd/ChangeLog6
-rw-r--r--bfd/opncls.c3
2 files changed, 8 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 110115c..bdbdf69 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -12,6 +12,12 @@
2018-06-20 Nick Clifton <nickc@redhat.com>
+ PR 23316
+ * opncls.c (get_build_id): Check for a negative or excessive data
+ size in the build-id note.
+
+2018-06-20 Nick Clifton <nickc@redhat.com>
+
PR 23299
* mach-o.c (cputype): New function.
(cpusubtype): New function.
diff --git a/bfd/opncls.c b/bfd/opncls.c
index 16b568c..e275045 100644
--- a/bfd/opncls.c
+++ b/bfd/opncls.c
@@ -1877,10 +1877,11 @@ get_build_id (bfd *abfd)
inote.descdata = inote.namedata + BFD_ALIGN (inote.namesz, 4);
/* FIXME: Should we check for extra notes in this section ? */
- if (inote.descsz == 0
+ if (inote.descsz <= 0
|| inote.type != NT_GNU_BUILD_ID
|| inote.namesz != 4 /* sizeof "GNU" */
|| strncmp (inote.namedata, "GNU", 4) != 0
+ || inote.descsz > 0x7ffffffe
|| size < (12 + BFD_ALIGN (inote.namesz, 4) + inote.descsz))
{
free (contents);