diff options
author | Nick Clifton <nickc@redhat.com> | 2018-06-20 16:30:05 +0100 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2018-06-20 16:30:05 +0100 |
commit | 6077de0645ce12a9c4e99f8839a846b42a535b0a (patch) | |
tree | 475cbc867cc962b2f7f4b4f055d220acc7e86994 | |
parent | 1d554008b3747c6ccaa8e3a08cc797cfade242f3 (diff) | |
download | gdb-6077de0645ce12a9c4e99f8839a846b42a535b0a.zip gdb-6077de0645ce12a9c4e99f8839a846b42a535b0a.tar.gz gdb-6077de0645ce12a9c4e99f8839a846b42a535b0a.tar.bz2 |
Fix potential illegal memroy access when using a build-id note with a negative size.
PR 23316
* opncls.c (get_build_id): Check for a negative or excessive data
size in the build-id note.
-rw-r--r-- | bfd/ChangeLog | 6 | ||||
-rw-r--r-- | bfd/opncls.c | 3 |
2 files changed, 8 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 110115c..bdbdf69 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -12,6 +12,12 @@ 2018-06-20 Nick Clifton <nickc@redhat.com> + PR 23316 + * opncls.c (get_build_id): Check for a negative or excessive data + size in the build-id note. + +2018-06-20 Nick Clifton <nickc@redhat.com> + PR 23299 * mach-o.c (cputype): New function. (cpusubtype): New function. diff --git a/bfd/opncls.c b/bfd/opncls.c index 16b568c..e275045 100644 --- a/bfd/opncls.c +++ b/bfd/opncls.c @@ -1877,10 +1877,11 @@ get_build_id (bfd *abfd) inote.descdata = inote.namedata + BFD_ALIGN (inote.namesz, 4); /* FIXME: Should we check for extra notes in this section ? */ - if (inote.descsz == 0 + if (inote.descsz <= 0 || inote.type != NT_GNU_BUILD_ID || inote.namesz != 4 /* sizeof "GNU" */ || strncmp (inote.namedata, "GNU", 4) != 0 + || inote.descsz > 0x7ffffffe || size < (12 + BFD_ALIGN (inote.namesz, 4) + inote.descsz)) { free (contents); |