diff options
| author | Alan Modra <amodra@gmail.com> | 2021-06-02 14:47:17 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2021-06-02 14:47:17 +0930 |
| commit | 45342c7c91f4c0a737405468ce2999825cb11c9a (patch) | |
| tree | e3c253964aefb603804c2e9c48dfe56384234c75 /bfd/elf-attrs.c | |
| parent | 75bf2c9cf7dc7dad5e99f337a5d4f677e71dadc9 (diff) | |
| download | gdb-45342c7c91f4c0a737405468ce2999825cb11c9a.zip gdb-45342c7c91f4c0a737405468ce2999825cb11c9a.tar.gz gdb-45342c7c91f4c0a737405468ce2999825cb11c9a.tar.bz2 | |
asan: heap buffer overflow in _bfd_elf_parse_attributes
* elf-attrs.c (_bfd_elf_parse_attributes): Break out of loop if
subsection length is too small to cover tag and length field.
Diffstat (limited to 'bfd/elf-attrs.c')
| -rw-r--r-- | bfd/elf-attrs.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/bfd/elf-attrs.c b/bfd/elf-attrs.c index 11a81a3..72c606d 100644 --- a/bfd/elf-attrs.c +++ b/bfd/elf-attrs.c @@ -548,15 +548,15 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr) } else { - subsection_len = 0; p = p_end; + break; } - if (subsection_len == 0) - break; if (subsection_len > section_len) subsection_len = section_len; section_len -= subsection_len; end = orig_p + subsection_len; + if (end < p) + break; switch (tag) { case Tag_File: |