diff options
author | Alan Modra <amodra@gmail.com> | 2019-03-15 15:49:27 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2019-03-15 20:05:18 +1030 |
commit | f55b1e3248e4950464ea120027cc6881003e0ead (patch) | |
tree | 842a3b26ca467b5ce7c5bb0804c17374b9d0c9d1 /bfd | |
parent | 418d4036ee37807b97b8040ebe7e2c15e9db726d (diff) | |
download | gdb-f55b1e3248e4950464ea120027cc6881003e0ead.zip gdb-f55b1e3248e4950464ea120027cc6881003e0ead.tar.gz gdb-f55b1e3248e4950464ea120027cc6881003e0ead.tar.bz2 |
PR24336, buffer overflow in swap_reloca_in
PR 24336
* elflink.c (elf_link_read_relocs_from_section): Handle fuzzed
object files with sh_size not a multiple of sh_entsize.
Diffstat (limited to 'bfd')
-rw-r--r-- | bfd/ChangeLog | 6 | ||||
-rw-r--r-- | bfd/elflink.c | 6 |
2 files changed, 10 insertions, 2 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index a072ade..b1011b1 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2019-03-15 Alan Modra <amodra@gmail.com> + + PR 24336 + * elflink.c (elf_link_read_relocs_from_section): Handle fuzzed + object files with sh_size not a multiple of sh_entsize. + 2019-03-15 H.J. Lu <hongjiu.lu@intel.com> PR ld/24338 diff --git a/bfd/elflink.c b/bfd/elflink.c index 3413726..2600c39 100644 --- a/bfd/elflink.c +++ b/bfd/elflink.c @@ -2523,9 +2523,11 @@ elf_link_read_relocs_from_section (bfd *abfd, } erela = (const bfd_byte *) external_relocs; - erelaend = erela + shdr->sh_size; + /* Setting erelaend like this and comparing with <= handles case of + a fuzzed object with sh_size not a multiple of sh_entsize. */ + erelaend = erela + shdr->sh_size - shdr->sh_entsize; irela = internal_relocs; - while (erela < erelaend) + while (erela <= erelaend) { bfd_vma r_symndx; |