authorAlan Modra <amodra@gmail.com>2019-08-07 11:50:28 +0930
committerAlan Modra <amodra@gmail.com>2019-08-07 12:00:06 +0930
commit906799036a9bcc2b6f27fbcf894092bdc03f6da9 (patch)
treeeadcc6e5a8f73a73db402b7df6bd91c05a560c07
parent0cf9feb996cb32939840b13073a49310b1fd71e0 (diff)
PR24876, readelf: heap-buffer-overflow in dump_ia64_unwind
PR 24876 * readelf.c (dump_ia64_unwind): Check that buffer is large enough for "stamp" before reading.
-rw-r--r--binutils/ChangeLog6
-rw-r--r--binutils/readelf.c3
2 files changed, 8 insertions, 1 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 411f835..f60d5ff 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2019-08-07 Alan Modra <amodra@gmail.com>
+
+ PR 24876
+ * readelf.c (dump_ia64_unwind): Check that buffer is large
+ enough for "stamp" before reading.
+
2019-08-05 Nick Clifton <nickc@redhat.com>
PR 24874
diff --git a/binutils/readelf.c b/binutils/readelf.c
index e785fde..5e18734 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -7574,7 +7574,8 @@ dump_ia64_unwind (Filedata * filedata, struct ia64_unw_aux_info * aux)
}
offset -= aux->info_addr;
/* PR 17531: file: 0997b4d1. */
- if (offset >= aux->info_size)
+ if (offset >= aux->info_size
+ || aux->info_size - offset < 8)
{
warn (_("Invalid offset %lx in table entry %ld\n"),
(long) tp->info.offset, (long) (tp - aux->table));
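Review bot: The literal `8` in the added clause `aux->info_size - offset < 8` is not tied to anything visible in the hunk. Going by the commit message it is the width of the "stamp" field read after this check, so if that read is sized with `sizeof (stamp)` the guard should use the same expression, or at least carry a comment such as `/* PR 24876: need 8 bytes for the stamp.  */` beside the existing PR 17531 one. The subtraction cannot wrap, because the first clause has already rejected `offset >= aux->info_size`, so the order of the two clauses must be kept. The reused warning still reports "Invalid offset" when the offset is in range but fewer than 8 bytes remain, which may mislead someone triaging a malformed file. dump_ia64_unwind starts and ends outside this hunk, so the guarded read itself is not visible here.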