Work around integer overflows when readelf is checking for corrupt ELF notes when run on a 32-bit host.

PR 22384
	* readelf.c (print_gnu_property_note): Improve overflow checks so
	that they will work on a 32-bit host.
Mingi Cho
2017-11-02 17:01:08 +00:00
committed by Nick Clifton
parent f26ae15b47
commit 6ab2c4ed51
2 changed files with 23 additions and 16 deletions


@ -1,3 +1,9 @@
2017-11-02 Mingi Cho <mgcho.minic@gmail.com>
PR 22384
* readelf.c (print_gnu_property_note): Improve overflow checks so
that they will work on a 32-bit host.
2017-11-01 James Bowman <james.bowman@ftdichip.com>
* readelf.c (is_16bit_abs_reloc): Add entry for FT32.


@ -16519,15 +16519,24 @@ print_gnu_property_note (Elf_Internal_Note * pnote)
return;
}
while (1)
while (ptr < ptr_end)
{
unsigned int j;
unsigned int type = byte_get (ptr, 4);
unsigned int datasz = byte_get (ptr + 4, 4);
unsigned int type;
unsigned int datasz;
if ((size_t) (ptr_end - ptr) < 8)
{
printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz);
break;
}
type = byte_get (ptr, 4);
datasz = byte_get (ptr + 4, 4);
ptr += 8;
if ((ptr + datasz) > ptr_end)
if (datasz > (size_t) (ptr_end - ptr))
{
printf (_("<corrupt type (%#x) datasz: %#x>\n"),
type, datasz);
@ -16608,19 +16617,11 @@ next:
ptr += ((datasz + (size - 1)) & ~ (size - 1));
if (ptr == ptr_end)
break;
else
{
if (do_wide)
printf (", ");
else
printf ("\n\t");
}
if (ptr > (ptr_end - 8))
{
printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz);
break;
}
if (do_wide)
printf (", ");
else
printf ("\n\t");
}
printf ("\n");
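Review bot: The advance at `next:` (`ptr += ((datasz + (size - 1)) & ~ (size - 1));`) is not covered by the new `datasz > (size_t) (ptr_end - ptr)` check, because rounding datasz up to a multiple of size can exceed the bytes that remain. Unless descsz is verified to be a multiple of size before the loop (not visible in these hunks), a note whose last property lacks its padding moves ptr past ptr_end, which is the same kind of out-of-range pointer arithmetic this commit removes from the datasz check, and `while (ptr < ptr_end)` then ends the loop without reporting the note as corrupt. Comparing the padded length against the remaining bytes before the add keeps the arithmetic in range, e.g. `if (((datasz + (size - 1)) & ~ (size - 1)) > (size_t) (ptr_end - ptr)) break;`, preceded by a corrupt-note message in the style of the other two checks. The body of print_gnu_property_note starts before the first hunk, and the property decoding between the two hunks is not shown.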