diff options
author | Nick Clifton <nickc@redhat.com> | 2012-02-01 15:44:30 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2012-02-01 15:44:30 +0000 |
commit | 8b971f9fe98d53e92ad7ca36a55c207eda5782aa (patch) | |
tree | 460e4f04ea01a8660fd52f9d02ba5192990cbc57 /binutils/readelf.c | |
parent | bc884eba6a28fe7bf907df58f10ccb13989d6c5a (diff) | |
download | gdb-8b971f9fe98d53e92ad7ca36a55c207eda5782aa.zip gdb-8b971f9fe98d53e92ad7ca36a55c207eda5782aa.tar.gz gdb-8b971f9fe98d53e92ad7ca36a55c207eda5782aa.tar.bz2 |
PR binutils/13482
* readelf.c (process_corefile_note_segment): Fix off-by-one errors
verifying the contents of a note.
* binutils-all/version.s: New test source file.
* binutils-all/readelf.n: New file: expected readelf output.
* binutils-all/readelf.exp: Add test of .note section contents.
Diffstat (limited to 'binutils/readelf.c')
-rw-r--r-- | binutils/readelf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/binutils/readelf.c b/binutils/readelf.c index 861b2c1..3ade53e 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -1,6 +1,6 @@ /* readelf.c -- display contents of an ELF format file Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - 2008, 2009, 2010, 2011 + 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. Originally developed by Eric Youngdale <eric@andante.jic.com> @@ -12994,7 +12994,7 @@ process_corefile_note_segment (FILE * file, bfd_vma offset, bfd_vma length) external = next; /* Prevent out-of-bounds indexing. */ - if (inote.namedata + inote.namesz >= (char *) pnotes + length + if (inote.namedata + inote.namesz > (char *) pnotes + length || inote.namedata + inote.namesz < inote.namedata) { warn (_("corrupt note found at offset %lx into core notes\n"), @@ -13008,7 +13008,7 @@ process_corefile_note_segment (FILE * file, bfd_vma offset, bfd_vma length) one version of Linux (RedHat 6.0) generates corefiles that don't comply with the ELF spec by failing to include the null byte in namesz. */ - if (inote.namedata[inote.namesz] != '\0') + if (inote.namedata[inote.namesz - 1] != '\0') { temp = (char *) malloc (inote.namesz + 1); |