authorNick Clifton <nickc@redhat.com>2017-04-28 11:21:53 +0100
committerNick Clifton <nickc@redhat.com>2017-04-28 11:21:53 +0100
commit4e3afec278d1fb55b983751d02119f65566bd094 (patch)
tree02ebb08c7bf06f6860b1dc9d1c3eddaa9df6af7b /binutils/readelf.c
parentd949ff5607b9f595e0eed2ff15fbe5eb84eb3a34 (diff)
Fix heap-buffer address violation when reading version data from a corrupt binary.
PR binutils/21437 * readelf.c (process_version_sections): Check for underflow when computing the start address of the auxiliary version data.
Diffstat (limited to 'binutils/readelf.c')
-rw-r--r--binutils/readelf.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/binutils/readelf.c b/binutils/readelf.c
index b57e1e0..72f9dda 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -10178,8 +10178,9 @@ process_version_sections (FILE * file)
printf (_(" Index: %d Cnt: %d "),
ent.vd_ndx, ent.vd_cnt);
- /* Check for overflow. */
- if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart))
+ /* Check for overflow and underflow. */
+ if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart)
+ || (vstart + ent.vd_aux < vstart))
break;
vstart += ent.vd_aux;
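Review bot: The added test `vstart + ent.vd_aux < vstart` detects wrap-around by forming an out-of-bounds pointer, which is undefined behaviour in C, so an optimising compiler may assume it is always false and drop it. The case it is meant to catch appears to be `ent.vd_aux + sizeof (* eaux)` wrapping in the first operand when vd_aux comes from a corrupt file; the types of vd_aux and vstart are declared outside the hunk, so this is inferred. Comparing against the remaining space without adding to either the offset or the pointer avoids both problems: `if (ent.vd_aux > (size_t) (endbuf - vstart) || sizeof (* eaux) > (size_t) (endbuf - vstart) - ent.vd_aux)`. process_version_sections starts and ends outside this hunk, so any other file-supplied offsets added to vstart in the same loop are not visible here and would need the same bounds-first form.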