author | Nick Clifton <nickc@redhat.com> | 2021-04-30 14:19:24 +0100 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2021-04-30 14:19:24 +0100 |
commit | 9f84cb380e8403ad4f1184fd09af475c17fd8835 (patch) | |
tree | 46be58b8bc60780a6bbb9251f11f7e5587228406 /bfd | |
parent | 6cb40a679b23b07b9fe0c43147d300b630deec70 (diff) | |
Fix an illegal memory access when parsing a corrupt core note.
PR 27799
* elf32-xtensa.c (elf_xtensa_grok_prstatus): Check for core notes
that are too small.
Diffstat (limited to 'bfd')
-rw-r--r-- | bfd/ChangeLog | 6 | ||||
-rw-r--r-- | bfd/elf32-xtensa.c | 7 |
2 files changed, 12 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 548ed9f..cd9b1b3 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,5 +1,11 @@ 2021-04-30 Nick Clifton <nickc@redhat.com> + PR 27799 + * elf32-xtensa.c (elf_xtensa_grok_prstatus): Check for core notes + that are too small. + +2021-04-30 Nick Clifton <nickc@redhat.com> + PR 27797 * libbfd.c (bfd_realloc_or_free): Do not free a pointer than has been realloc'ed to size 0. diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c index c1781c7..7c5fb55 100644 --- a/bfd/elf32-xtensa.c +++ b/bfd/elf32-xtensa.c @@ -3740,8 +3740,14 @@ elf_xtensa_grok_prstatus (bfd *abfd, Elf_Internal_Note *note) int offset; unsigned int size; + if (elf_tdata (abfd) == NULL + || elf_tdata (abfd)->core == NULL) + return false; + /* The size for Xtensa is variable, so don't try to recognize the format based on the size. Just assume this is GNU/Linux. */ + if (note == NULL || note->descsz < 28) + return false; /* pr_cursig */ elf_tdata (abfd)->core->signal = bfd_get_16 (abfd, note->descdata + 12); @@ -3758,7 +3764,6 @@ elf_xtensa_grok_prstatus (bfd *abfd, Elf_Internal_Note *note) size, note->descpos + offset); } - static bool elf_xtensa_grok_psinfo (bfd *abfd, Elf_Internal_Note *note) { |
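Review bot: The new `note->descsz < 28` guard in the first elf32-xtensa.c hunk covers the `bfd_get_16` read at `note->descdata + 12` shown there, but it may not cover the `unsigned int size` passed to the pseudosection call in the second hunk. That value is computed in lines between the two hunks, which are not shown here. If it is derived by subtracting a fixed register offset larger than 28 from `note->descsz`, a note that passes this check can still wrap `size` to a very large value, so the bound should be the largest offset the function depends on rather than only the fields read directly. The bare constant also needs a comment tying it to the note layout, for example `/* Smallest descsz that still contains every field read below.  */`. As placed, the existing "don't try to recognize the format based on the size" comment sits directly above a size check and reads as if it describes it.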