authorNick Clifton <nickc@redhat.com>2018-04-24 16:31:27 +0100
committerNick Clifton <nickc@redhat.com>2018-04-24 16:32:12 +0100
commitaa4a8c2a2a67545e90c877162c53cc9de42dc8b4 (patch)
tree199693d690fc4b0b404fe4ee221eb1cd7676f999 /bfd/peXXigen.c
parent0a8ddac418d3e8e12a1bb51c3b0da90155f83403 (diff)
Fix an illegal memory access when copying a PE format file with corrupt debug information.
PR 23110 * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for a negative PE_DEBUG_DATA size before iterating over the debug data.
Diffstat (limited to 'bfd/peXXigen.c')
-rw-r--r--bfd/peXXigen.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index bc97984..32ce195 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -2993,6 +2993,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common (bfd * ibfd, bfd * obfd)
(uint64_t) (section->size - (addr - section->vma)));
return FALSE;
}
+ /* PR 23110. */
+ else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0)
+ {
+ /* xgettext:c-format */
+ _bfd_error_handler
+ (_("%pB: Data Directory size (%#lx) is negative"),
+ obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size);
+ return FALSE;
+ }
for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size
/ sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++)