espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-22 02:50:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix potential illegal memroy access when using a build-id note with a negative size.

Browse Source 
PR 23316
	* opncls.c (get_build_id): Check for a negative or excessive data
	size in the build-id note.
This commit is contained in:
Nick Clifton
2018-06-20 16:30:05 +01:00
parent 1d554008b3
commit 6077de0645
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bfd/ChangeLog
View File

@ -10,6 +10,12 @@
BFD_RELOC_AARCH64_TLSLE_LDST64_TPREL_LO12_NC, BFD_RELOC_AARCH64_TLSLE_LDST64_TPREL_LO12_NC,
BFD_RELOC_AARCH64_TLSLE_LDST8_TPREL_LO12_NC. BFD_RELOC_AARCH64_TLSLE_LDST8_TPREL_LO12_NC.
2018-06-20 Nick Clifton <nickc@redhat.com>
PR 23316
* opncls.c (get_build_id): Check for a negative or excessive data
size in the build-id note.
2018-06-20 Nick Clifton <nickc@redhat.com> 2018-06-20 Nick Clifton <nickc@redhat.com>
PR 23299 PR 23299

3
bfd/opncls.c
View File

@ -1877,10 +1877,11 @@ get_build_id (bfd *abfd)
inote.descdata = inote.namedata + BFD_ALIGN (inote.namesz, 4); inote.descdata = inote.namedata + BFD_ALIGN (inote.namesz, 4);
/* FIXME: Should we check for extra notes in this section ? */ /* FIXME: Should we check for extra notes in this section ? */
if (inote.descsz == 0 if (inote.descsz <= 0
|| inote.type != NT_GNU_BUILD_ID || inote.type != NT_GNU_BUILD_ID
|| inote.namesz != 4 /* sizeof "GNU" */ || inote.namesz != 4 /* sizeof "GNU" */
|| strncmp (inote.namedata, "GNU", 4) != 0 || strncmp (inote.namedata, "GNU", 4) != 0
|| inote.descsz > 0x7ffffffe
|| size < (12 + BFD_ALIGN (inote.namesz, 4) + inote.descsz)) || size < (12 + BFD_ALIGN (inote.namesz, 4) + inote.descsz))
{ {
free (contents); free (contents);