This is the mail archive of the
binutils-cvs@sourceware.org
mailing list for the binutils project.
[binutils-gdb] Fix an invalid memory access triggered by running readelf on a fuzzed binary.
- From: Nick Clifton <nickc at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 6 Feb 2015 13:03:35 -0000
- Subject: [binutils-gdb] Fix an invalid memory access triggered by running readelf on a fuzzed binary.
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=55325047241cf38dae3c6a577561c740a9024bf3
commit 55325047241cf38dae3c6a577561c740a9024bf3
Author: Nick Clifton <nickc@redhat.com>
Date: Fri Feb 6 12:59:25 2015 +0000
Fix an invalid memory access triggered by running readelf on a fuzzed binary.
PR binutils/17531
* readelf.c (process_mips_specific): Fail if an option has an
invalid size.
Diff:
---
binutils/ChangeLog | 2 ++
binutils/readelf.c | 5 ++---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 9e682c1..803bfa8 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -8,6 +8,8 @@
* dwarf.c (xcmalloc): Fail if the arguments are too big.
(xcrealloc): Likewise.
(xcalloc2): Likewise.
+ * readelf.c (process_mips_specific): Fail if an option has an
+ invalid size.
2015-02-05 Alan Modra <amodra@gmail.com>
diff --git a/binutils/readelf.c b/binutils/readelf.c
index a0d6f32..00bcb1d 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -13880,9 +13880,8 @@ process_mips_specific (FILE * file)
if (option->size < sizeof (* eopt)
|| offset + option->size > sect->sh_size)
{
- warn (_("Invalid size (%u) for MIPS option\n"), option->size);
- option->size = sizeof (* eopt);
- break;
+ error (_("Invalid size (%u) for MIPS option\n"), option->size);
+ return 0;
}
offset += option->size;