diff options
| author | Alan Modra <amodra@gmail.com> | 2017-10-18 12:05:39 +1030 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2017-10-18 12:50:45 +1030 |
| commit | 5396a86e439653fb5cd714b955708250777a32e5 (patch) | |
| tree | 9dea822354c79ab221d79573a7269553ffe8b4d2 /binutils/ChangeLog | |
| parent | b7213666d6035713c3a2786ee418085e07cb3cca (diff) | |
| download | gdb-5396a86e439653fb5cd714b955708250777a32e5.zip gdb-5396a86e439653fb5cd714b955708250777a32e5.tar.gz gdb-5396a86e439653fb5cd714b955708250777a32e5.tar.bz2 | |
PR22303, print_core_note out of bounds read
The print_core_note change here fixes the PR, the rest is making
readelf a little more bombproof against maliciously crafted binaries.
PR 22303
* readelf.c (print_core_note): Ensure "count" sanity check
calculation doesn't overflow.
(process_notes_at): Perform note namesz and descsz checks
using unsigned comparisons against data remaining. Catch
alignment overflow of namesz and descsz too. Don't allocate a
temp for terminating "name" when there is space available
before descdata.
Diffstat (limited to 'binutils/ChangeLog')
| -rw-r--r-- | binutils/ChangeLog | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 5defa0d..ca01a09 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,14 @@ +2017-10-18 Alan Modra <amodra@gmail.com> + + PR 22303 + * readelf.c (print_core_note): Ensure "count" sanity check + calculation doesn't overflow. + (process_notes_at): Perform note namesz and descsz checks + using unsigned comparisons against data remaining. Catch + alignment overflow of namesz and descsz too. Don't allocate a + temp for terminating "name" when there is space available + before descdata. + 2017-10-17 Tom Tromey <tom@tromey.com> * MAINTAINERS: Add myself as dwarf-mode.el maintainer. |