This is the mail archive of the binutils-cvs@sourceware.org mailing list for the binutils project.
[binutils-gdb] Fix heap-buffer address violation when reading version data from a corrupt binary.
- From: Nick Clifton <nickc at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 28 Apr 2017 10:22:31 -0000
- Subject: [binutils-gdb] Fix heap-buffer address violation when reading version data from a corrupt binary.
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4e3afec278d1fb55b983751d02119f65566bd094
commit 4e3afec278d1fb55b983751d02119f65566bd094
Author: Nick Clifton <nickc@redhat.com>
Date: Fri Apr 28 11:21:53 2017 +0100
Fix heap-buffer address violation when reading version data from a corrupt binary.
PR binutils/21437
* readelf.c (process_version_sections): Check for underflow when
computing the start address of the auxiliary version data.
Diff:
---
binutils/ChangeLog | 6 ++++++
binutils/readelf.c | 5 +++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 951673b..8bb1fc5 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,11 @@
2017-04-28 Nick Clifton <nickc@redhat.com>
+ PR binutils/21437
+ * readelf.c (process_version_sections): Check for underflow when
+ computing the start address of the auxillary version data.
+
+2017-04-28 Nick Clifton <nickc@redhat.com>
+
PR binutils/21438
* dwarf.c (process_extended_line_op): Do not assume that the
string extracted from the section is NUL terminated.
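Review bot: "auxillary" in the new ChangeLog entry is misspelled; it should read "auxiliary". The entry is otherwise in the usual form, naming the PR and the function changed in readelf.c.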
diff --git a/binutils/readelf.c b/binutils/readelf.c
index b57e1e0..72f9dda 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -10178,8 +10178,9 @@ process_version_sections (FILE * file)
printf (_(" Index: %d Cnt: %d "),
ent.vd_ndx, ent.vd_cnt);
- /* Check for overflow. */
- if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart))
+ /* Check for overflow and underflow. */
+ if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart)
+ || (vstart + ent.vd_aux < vstart))
break;
vstart += ent.vd_aux;
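Review bot: the added test `vstart + ent.vd_aux < vstart` forms the possibly out-of-range pointer before checking it. The `endbuf - vstart` subtraction suggests vstart is a pointer into the section buffer, and in C, pointer arithmetic that leaves the underlying object is undefined, so an optimising compiler is allowed to assume the comparison is always false and drop it. The first half of the condition has the related problem that `ent.vd_aux + sizeof (* eaux)` can wrap for a large vd_aux taken from the file, which is presumably the case this patch is trying to catch. Both can be handled with integer arithmetic on the remaining length only: compute the remaining size once as `(size_t) (endbuf - vstart)`, break if `ent.vd_aux` is greater than it, then break if `sizeof (* eaux)` is greater than the remaining size minus `ent.vd_aux`. That form never adds an untrusted offset to a pointer or to another size, so there is nothing left to wrap. The updated comment could also say which quantity is being guarded ("offset of aux data must lie within the section") rather than "overflow and underflow".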