-rw-r--r-- | binutils/ChangeLog | 6 | ||||
-rw-r--r-- | binutils/readelf.c | 33 |
2 files changed, 23 insertions, 16 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 231fc84..19f9261 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,9 @@ +2017-11-02 Mingi Cho <mgcho.minic@gmail.com> + + PR 22384 + * readelf.c (print_gnu_property_note): Improve overflow checks so + that they will work on a 32-bit host. + 2017-11-01 James Bowman <james.bowman@ftdichip.com> * readelf.c (is_16bit_abs_reloc): Add entry for FT32. diff --git a/binutils/readelf.c b/binutils/readelf.c index 9af5d42..cfd37eb 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -16519,15 +16519,24 @@ print_gnu_property_note (Elf_Internal_Note * pnote) return; } - while (1) + while (ptr < ptr_end) { unsigned int j; - unsigned int type = byte_get (ptr, 4); - unsigned int datasz = byte_get (ptr + 4, 4); + unsigned int type; + unsigned int datasz; + + if ((size_t) (ptr_end - ptr) < 8) + { + printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz); + break; + } + + type = byte_get (ptr, 4); + datasz = byte_get (ptr + 4, 4); ptr += 8; - if ((ptr + datasz) > ptr_end) + if (datasz > (size_t) (ptr_end - ptr)) { printf (_("<corrupt type (%#x) datasz: %#x>\n"), type, datasz); @@ -16608,19 +16617,11 @@ next: ptr += ((datasz + (size - 1)) & ~ (size - 1)); if (ptr == ptr_end) break; - else - { - if (do_wide) - printf (", "); - else - printf ("\n\t"); - } - if (ptr > (ptr_end - 8)) - { - printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz); - break; - } + if (do_wide) + printf (", "); + else + printf ("\n\t"); } printf ("\n"); |
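Review bot: The two new bounds checks at the top of the loop carry no comment saying why they compare a length against `ptr_end - ptr` rather than comparing pointers. A later cleanup could easily turn them back into the `(ptr + datasz) > ptr_end` form that this commit removes. I would add above the `datasz` test: `/* Compare lengths, not pointers: ptr + datasz can wrap on a 32-bit host.  */`. The ChangeLog entry records the 32-bit reason, but the code itself does not. The body of print_gnu_property_note starts and ends outside this hunk.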
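Review bot: The padded advance after `next:` is still unchecked. With the `ptr > (ptr_end - 8)` test removed, a last property whose padding runs past the note now ends the loop with no `<corrupt ...>` message, after a separator has already been printed. Only the unpadded `datasz` is compared with the remaining bytes in the first readelf.c hunk, so the rounded-up value can exceed `ptr_end - ptr`. The loop then relies on `ptr < ptr_end` with a pointer formed beyond the buffer, which is the arithmetic this commit sets out to avoid on a 32-bit host. I would compute the padded length first, compare it with the remaining bytes, and only then advance, as sketched below. `size` is set outside the hunk, so the sketch assumes it is the power-of-two alignment the mask implies.

```c
next:
      {
	size_t padded = ((size_t) datasz + (size - 1)) & ~ (size_t) (size - 1);

	if (padded > (size_t) (ptr_end - ptr))
	  {
	    printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz);
	    break;
	  }
	ptr += padded;
      }
      /* … unchanged: ptr == ptr_end test and separator output … */
```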