This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
[Bug tools/21299] heap-based buffer overflow in handle_gnu_hash (readelf.c)
- From: "mark at klomp dot org" <sourceware-bugzilla at sourceware dot org>
- To: elfutils-devel at sourceware dot org
- Date: Mon, 03 Apr 2017 21:43:51 +0000
- Subject: [Bug tools/21299] heap-based buffer overflow in handle_gnu_hash (readelf.c)
- Auto-submitted: auto-generated
- References: <bug-21299-10460@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=21299
Mark Wielaard <mark at klomp dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
CC| |mark at klomp dot org
Resolution|--- |FIXED
--- Comment #2 from Mark Wielaard <mark at klomp dot org> ---
commit 9d84fdd78705d7a1b9947a9f4ca77fbccdd76d4a
Author: Mark Wielaard <mark@klomp.org>
Date: Fri Mar 24 12:15:02 2017 +0100
readelf: Fix off by one sanity check in handle_gnu_hash.
We sanity check to make sure we don't index outside the chain array
by testing inner > max_nsyms. But inner is a zero-based index, while
max_nsyms is the maximum number. Change the check to inner >= max_nsyms.
https://sourceware.org/bugzilla/show_bug.cgi?id=21299
Signed-off-by: Mark Wielaard <mark@klomp.org>
--
You are receiving this mail because:
You are on the CC list for the bug.