authorNick Clifton <nickc@redhat.com>2021-04-30 14:19:24 +0100
committerNick Clifton <nickc@redhat.com>2021-04-30 14:19:24 +0100
commit9f84cb380e8403ad4f1184fd09af475c17fd8835 (patch)
tree46be58b8bc60780a6bbb9251f11f7e5587228406 /bfd
parent6cb40a679b23b07b9fe0c43147d300b630deec70 (diff)
Fix an illegal memory access when parsing a corrupt core note.
PR 27799 * elf32-xtensa.c (elf_xtensa_grok_prstatus): Check for core notes that are too small.
Diffstat (limited to 'bfd')
-rw-r--r--bfd/ChangeLog6
-rw-r--r--bfd/elf32-xtensa.c7
2 files changed, 12 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 548ed9f..cd9b1b3 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,11 @@
2021-04-30 Nick Clifton <nickc@redhat.com>
+ PR 27799
+ * elf32-xtensa.c (elf_xtensa_grok_prstatus): Check for core notes
+ that are too small.
+
+2021-04-30 Nick Clifton <nickc@redhat.com>
+
PR 27797
* libbfd.c (bfd_realloc_or_free): Do not free a pointer than has
been realloc'ed to size 0.
diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c
index c1781c7..7c5fb55 100644
--- a/bfd/elf32-xtensa.c
+++ b/bfd/elf32-xtensa.c
@@ -3740,8 +3740,14 @@ elf_xtensa_grok_prstatus (bfd *abfd, Elf_Internal_Note *note)
int offset;
unsigned int size;
+ if (elf_tdata (abfd) == NULL
+ || elf_tdata (abfd)->core == NULL)
+ return false;
+
/* The size for Xtensa is variable, so don't try to recognize the format
based on the size. Just assume this is GNU/Linux. */
+ if (note == NULL || note->descsz < 28)
+ return false;
/* pr_cursig */
elf_tdata (abfd)->core->signal = bfd_get_16 (abfd, note->descdata + 12);
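Review bot: The new `note->descsz < 28` guard covers only the fixed-offset header reads, so a note that passes it can still be too short for the register-area arithmetic later in elf_xtensa_grok_prstatus. `size` is declared `unsigned int` and the tail visible in the next hunk passes `size, note->descpos + offset` onward; if `size` is derived by subtracting from `note->descsz` (those lines are outside this hunk, so this is inferred), a short note would make it wrap to a very large value. A second bound after `offset` is assigned, for example `if (note->descsz < (unsigned int) offset) return false;` adjusted for whatever else the subtraction removes, would close that. The literal 28 also deserves a comment naming the field whose end it marks, e.g. `/* Must cover the last fixed field read below. */`, since the only read shown here is the 16-bit `pr_cursig` at offset 12.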
@@ -3758,7 +3764,6 @@ elf_xtensa_grok_prstatus (bfd *abfd, Elf_Internal_Note *note)
size, note->descpos + offset);
}
-
static bool
elf_xtensa_grok_psinfo (bfd *abfd, Elf_Internal_Note *note)
{