author | Nick Clifton <nickc@redhat.com> | 2020-07-15 11:09:59 +0100 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2020-07-15 11:09:59 +0100 |
commit | 4fd8d5856435ff84de1f181381fc51754285af6f (patch) | |
tree | 79347458234713500cdf06bc7efd647b47f2eaf0 /bfd | |
parent | 52781cce795439ce5055ee9b8a8c7bc6f92b7b72 (diff) | |
Fix an illegal memory access in the BFD library which can be triggered by attempting to parse a corrupt PE format file.
PR26240
* coffgen.c (coff_get_normalized_symtab): Fix off-by-one error in
check for aux entries that overflow the buffer.
Diffstat (limited to 'bfd')
-rw-r--r-- | bfd/ChangeLog | 6 |
-rw-r--r-- | bfd/coffgen.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 321e2e0..1337645 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2020-07-15 Nick Clifton <nickc@redhat.com> + + PR26240 + * coffgen.c (coff_get_normalized_symtab): Fix off-by-one error in + check for aux entries that overflow the buufer. + 2020-07-15 Hans-Peter Nilsson <hp@bitrange.com> * elf64-mmix.c (mmix_elf_relax_section): Improve accounting for diff --git a/bfd/coffgen.c b/bfd/coffgen.c index d49b2ff..0a26972 100644 --- a/bfd/coffgen.c +++ b/bfd/coffgen.c @@ -1814,7 +1814,7 @@ coff_get_normalized_symtab (bfd *abfd) internal_ptr->is_sym = TRUE; /* PR 17512: Prevent buffer overrun. */ - if (symbol_ptr->u.syment.n_numaux > (raw_end - raw_src) / symesz) + if (symbol_ptr->u.syment.n_numaux > ((raw_end - 1) - raw_src) / symesz) { bfd_release (abfd, internal); return NULL; |
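Review bot: The new ChangeLog entry misspells "buffer" as "buufer" on its last added line ("check for aux entries that overflow the buufer."). Please correct it before this lands, since ChangeLog text is what people search when tracing PR26240 later.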
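Review bot: In the coffgen.c hunk, the new bound `((raw_end - 1) - raw_src) / symesz` subtracts one byte from a byte distance before dividing by the entry size, which lowers the quotient by one only when `raw_end - raw_src` is an exact multiple of `symesz`. Nothing visible in the hunk guarantees that, and with a trailing partial entry the quotient is unchanged from the old expression, so the check would still admit one aux entry too many. If the intent is to exclude the entry at `raw_src` itself from the count, subtracting a whole entry states that directly and does not depend on alignment, for example `n_numaux >= (raw_end - raw_src) / symesz`. The comment above the test still cites only PR 17512; a line noting PR26240 and why the bound is one entry smaller than the remaining buffer would save the next reader from re-deriving it.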