FreeChainXenon/binutils-gdb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

PR24876, readelf: heap-buffer-overflow in dump_ia64_unwind

Browse source 
PR 24876
	* readelf.c (dump_ia64_unwind): Check that buffer is large
	enough for "stamp" before reading.
This commit is contained in:
Alan Modra 2019-08-07 11:50:28 +09:30
parent 0cf9feb996
commit 906799036a
2 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
binutils/ChangeLog
View file

@ -1,3 +1,9 @@
2019-08-07 Alan Modra <amodra@gmail.com>
PR 24876
* readelf.c (dump_ia64_unwind): Check that buffer is large
enough for "stamp" before reading.
2019-08-05 Nick Clifton <nickc@redhat.com> 2019-08-05 Nick Clifton <nickc@redhat.com>
PR 24874 PR 24874

3
binutils/readelf.c
View file

@ -7574,7 +7574,8 @@ dump_ia64_unwind (Filedata * filedata, struct ia64_unw_aux_info * aux)
} }
offset -= aux->info_addr; offset -= aux->info_addr;
/* PR 17531: file: 0997b4d1. */ /* PR 17531: file: 0997b4d1. */
if (offset >= aux->info_size) if (offset >= aux->info_size
|| aux->info_size - offset < 8)
{ {
warn (_("Invalid offset %lx in table entry %ld\n"), warn (_("Invalid offset %lx in table entry %ld\n"),
(long) tp->info.offset, (long) (tp - aux->table)); (long) tp->info.offset, (long) (tp - aux->table));