aboutsummaryrefslogtreecommitdiff
path: root/binutils/readelf.c
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2017-04-21 12:31:59 +0100
committerNick Clifton <nickc@redhat.com>2017-04-21 12:31:59 +0100
commitddef72cdc10d82ba011a7ff81cafbbd3466acf54 (patch)
tree473a2711bc2dab62369ce3cd889c89d3ea1a0a1a /binutils/readelf.c
parent792f174f8af4291c222d0a6de919118e488258bc (diff)
downloadgdb-ddef72cdc10d82ba011a7ff81cafbbd3466acf54.zip
gdb-ddef72cdc10d82ba011a7ff81cafbbd3466acf54.tar.gz
gdb-ddef72cdc10d82ba011a7ff81cafbbd3466acf54.tar.bz2
Fix shift overflow when parsing an overlarge note value.
PR binutils/21378 * readelf.c (print_gnu_build_attribute_name): Check for an overlarge name field.
Diffstat (limited to 'binutils/readelf.c')
-rw-r--r--binutils/readelf.c20
1 files changed, 14 insertions, 6 deletions
diff --git a/binutils/readelf.c b/binutils/readelf.c
index ab53473..e575667 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -16948,10 +16948,18 @@ print_gnu_build_attribute_name (Elf_Internal_Note * pnote)
{
case GNU_BUILD_ATTRIBUTE_TYPE_NUMERIC:
{
- unsigned int bytes = pnote->namesz - (name - pnote->namedata);
- unsigned long val = 0;
- unsigned int shift = 0;
- char * decoded = NULL;
+ unsigned int bytes = pnote->namesz - (name - pnote->namedata);
+ unsigned long long val = 0;
+ unsigned int shift = 0;
+ char * decoded = NULL;
+
+ /* PR 21378 */
+ if (bytes > sizeof (val))
+ {
+ error (_("corrupt name field: namesz of %lu is too large for a numeric value\n"),
+ pnote->namesz);
+ return FALSE;
+ }
while (bytes --)
{
@@ -16995,9 +17003,9 @@ print_gnu_build_attribute_name (Elf_Internal_Note * pnote)
else
{
if (do_wide)
- left -= printf ("0x%lx", val);
+ left -= printf ("0x%llx", val);
else
- left -= printf ("0x%-.*lx", left, val);
+ left -= printf ("0x%-.*llx", left, val);
}
}
break;