Fix illegal memory access triggered when parsing a PE binary with a corrupt data dictionary.
PR 22373 * peicode.h (pe_bfd_read_buildid): Check for invalid size and data offset values.
This commit is contained in:
Nick Clifton
parent
45ac8f4f10
commit
0bb6961f18
2 changed files with 12 additions and 3 deletions
|
|
@ -1303,7 +1303,6 @@ pe_bfd_read_buildid (bfd *abfd)
|
|||
bfd_byte *data = 0;
|
||||
bfd_size_type dataoff;
|
||||
unsigned int i;
|
||||
|
||||
bfd_vma addr = extra->DataDirectory[PE_DEBUG_DATA].VirtualAddress;
|
||||
bfd_size_type size = extra->DataDirectory[PE_DEBUG_DATA].Size;
|
||||
|
||||
|
|
@ -1327,8 +1326,12 @@ pe_bfd_read_buildid (bfd *abfd)
|
|||
|
||||
dataoff = addr - section->vma;
|
||||
|
||||
/* PR 20605: Make sure that the data is really there. */
|
||||
if (dataoff + size > section->size)
|
||||
/* PR 20605 and 22373: Make sure that the data is really there.
|
||||
Note - since we are dealing with unsigned quantities we have
|
||||
to be careful to check for potential overflows. */
|
||||
if (dataoff > section->size
|
||||
|| size > section->size
|
||||
|| dataoff + size > section->size)
|
||||
{
|
||||
_bfd_error_handler (_("%B: Error: Debug Data ends beyond end of debug directory."),
|
||||
abfd);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue