This is the mail archive of the
binutils-cvs@sourceware.org
mailing list for the binutils project.
[binutils-gdb] Update check for invalid values in pe_bfd_read_buildid function.
- From: Nick Clifton <nickc at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 1 Nov 2017 12:38:08 -0000
- Subject: [binutils-gdb] Update check for invalid values in pe_bfd_read_buildid function.
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e0115a844607b280449986e661f551dff49a9031
commit e0115a844607b280449986e661f551dff49a9031
Author: Nick Clifton <nickc@redhat.com>
Date: Wed Nov 1 12:37:33 2017 +0000
Update check for invalid values in pe_bfd_read_buildid function.
PR 22373
* peicode.h (pe_bfd_read_buildid): Revise check for invalid size
and offset in light of further possible bogus values.
Diff:
---
bfd/ChangeLog | 6 ++++++
bfd/peicode.h | 5 ++---
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 662ef44..60fbc9c 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-11-01 Nick Clifton <nickc@redhat.com>
+
+ PR 22373
+ * peicode.h (pe_bfd_read_buildid): Revise check for invalid size
+ and offset in light of further possible bogus values.
+
2017-11-01 Alan Modra <amodra@gmail.com>
PR 22374
diff --git a/bfd/peicode.h b/bfd/peicode.h
index f3b759c..e5cacbd 100644
--- a/bfd/peicode.h
+++ b/bfd/peicode.h
@@ -1329,9 +1329,8 @@ pe_bfd_read_buildid (bfd *abfd)
/* PR 20605 and 22373: Make sure that the data is really there.
Note - since we are dealing with unsigned quantities we have
to be careful to check for potential overflows. */
- if (dataoff > section->size
- || size > section->size
- || dataoff + size > section->size)
+ if (dataoff >= section->size
+ || size > section->size - dataoff)
{
_bfd_error_handler (_("%B: Error: Debug Data ends beyond end of debug directory."),
abfd);