author | Nick Clifton <nickc@redhat.com> | 2014-10-30 15:52:10 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2014-10-30 15:52:10 +0000 |
commit | 7e760b06b212f01b3819d5b37e8f5b613e0db34c (patch) | |
tree | aaa6565f7fe8ac341a262055ee5572966e1c7ba1 | |
parent | 3bdff46b67a527886f49735a5d192c05a332a131 (diff) | |
Closes another memory corruption, this time due to heap overrun.
PR binutils/17512
* coffgen.c (coff_get_normalized_symtab): Prevent buffer overrun.
-rw-r--r-- | bfd/ChangeLog | 5 | ||||
-rw-r--r-- | bfd/coffgen.c | 8 |
2 files changed, 11 insertions, 2 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index a5790a5..f25c1b1 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2014-10-30 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * coffgen.c (coff_get_normalized_symtab): Prevent buffer overrun.
+
 2014-10-29 Nick Clifton <nickc@redhat.com>
 * elf.c (bfd_section_from_shdr): Fix heap use after free memory
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index 3f22389..a1a0325 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1748,7 +1748,7 @@ coff_get_normalized_symtab (bfd *abfd)
 if (internal == NULL && size != 0)
 return NULL;
 internal_end = internal + obj_raw_syment_count (abfd);
-
+
 if (! _bfd_coff_get_external_symbols (abfd))
 return NULL;
@@ -1766,8 +1766,8 @@ coff_get_normalized_symtab (bfd *abfd)
 raw_src < raw_end;
 raw_src += symesz, internal_ptr++)
 {
-
 unsigned int i;
+
 bfd_coff_swap_sym_in (abfd, (void *) raw_src,
 (void *) & internal_ptr->u.syment);
 symbol_ptr = internal_ptr;
@@ -1777,6 +1777,10 @@ coff_get_normalized_symtab (bfd *abfd)
 i++)
 {
 internal_ptr++;
+ /* PR 17512: Prevent buffer overrun. */
+ if (internal_ptr >= internal_end)
+ return NULL;
+
 raw_src += symesz;
 bfd_coff_swap_aux_in (abfd, (void *) raw_src,
 symbol_ptr->u.syment.n_type, |
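Review bot: The new `return NULL;` in the aux-entry loop of coff_get_normalized_symtab (third coffgen.c hunk) rejects the input without recording a reason; unless something outside the hunk already does so, adding `bfd_set_error (bfd_error_bad_value);` before it would let callers report a corrupt symbol table instead of a stale or missing error. The guard bounds only `internal_ptr`, while `raw_src` is advanced and handed to bfd_coff_swap_aux_in on the following lines with no comparison against `raw_end`. That is safe only if both buffers hold the same number of entries, which looks likely since `internal_end` is computed from obj_raw_syment_count but is not visible here. The comment could state that invariant, for example `/* PR 17512: stop before writing past internal_end; the raw buffer is assumed to hold the same number of entries. */`. The loop header and the rest of the function lie outside the hunk, so whether the aux count could be validated once before the loop cannot be judged from this page.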