aboutsummaryrefslogtreecommitdiff
path: root/bfd
diff options
context:
space:
mode:
authorAlan Modra <amodra@gmail.com>2019-03-15 15:49:27 +1030
committerAlan Modra <amodra@gmail.com>2019-03-15 20:05:18 +1030
commitf55b1e3248e4950464ea120027cc6881003e0ead (patch)
tree842a3b26ca467b5ce7c5bb0804c17374b9d0c9d1 /bfd
parent418d4036ee37807b97b8040ebe7e2c15e9db726d (diff)
downloadgdb-f55b1e3248e4950464ea120027cc6881003e0ead.zip
gdb-f55b1e3248e4950464ea120027cc6881003e0ead.tar.gz
gdb-f55b1e3248e4950464ea120027cc6881003e0ead.tar.bz2
PR24336, buffer overflow in swap_reloca_in
PR 24336 * elflink.c (elf_link_read_relocs_from_section): Handle fuzzed object files with sh_size not a multiple of sh_entsize.
Diffstat (limited to 'bfd')
-rw-r--r--bfd/ChangeLog6
-rw-r--r--bfd/elflink.c6
2 files changed, 10 insertions, 2 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index a072ade..b1011b1 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2019-03-15 Alan Modra <amodra@gmail.com>
+
+ PR 24336
+ * elflink.c (elf_link_read_relocs_from_section): Handle fuzzed
+ object files with sh_size not a multiple of sh_entsize.
+
2019-03-15 H.J. Lu <hongjiu.lu@intel.com>
PR ld/24338
diff --git a/bfd/elflink.c b/bfd/elflink.c
index 3413726..2600c39 100644
--- a/bfd/elflink.c
+++ b/bfd/elflink.c
@@ -2523,9 +2523,11 @@ elf_link_read_relocs_from_section (bfd *abfd,
}
erela = (const bfd_byte *) external_relocs;
- erelaend = erela + shdr->sh_size;
+ /* Setting erelaend like this and comparing with <= handles case of
+ a fuzzed object with sh_size not a multiple of sh_entsize. */
+ erelaend = erela + shdr->sh_size - shdr->sh_entsize;
irela = internal_relocs;
- while (erela < erelaend)
+ while (erela <= erelaend)
{
bfd_vma r_symndx;