espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-29 16:38:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

asan: buffer overflow in elfnn-aarch64.c get_plt_type

Browse Source 
We can't assume .dynamic is a multiple of ElfNN_External_Dyn, at least
not when presented with fuzzed object files.

	* elfnn-aarch64.c (get_plt_type): Don't access past end of
	improperly sized .dynamic.
This commit is contained in:
Alan Modra
2021-12-17 12:19:54 +10:30
parent dbc6a0e2e4
commit 8ef22662dc
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
bfd/elfnn-aarch64.c
View File

@ -9762,11 +9762,13 @@ get_plt_type (bfd *abfd)
aarch64_plt_type ret = PLT_NORMAL; aarch64_plt_type ret = PLT_NORMAL;
bfd_byte *contents, *extdyn, *extdynend; bfd_byte *contents, *extdyn, *extdynend;
asection *sec = bfd_get_section_by_name (abfd, ".dynamic"); asection *sec = bfd_get_section_by_name (abfd, ".dynamic");
if (!sec || !bfd_malloc_and_get_section (abfd, sec, &contents)) if (!sec
|| sec->size < sizeof (ElfNN_External_Dyn)
|| !bfd_malloc_and_get_section (abfd, sec, &contents))
return ret; return ret;
extdyn = contents; extdyn = contents;
extdynend = contents + sec->size; extdynend = contents + sec->size - sizeof (ElfNN_External_Dyn);
for (; extdyn < extdynend; extdyn += sizeof (ElfNN_External_Dyn)) for (; extdyn <= extdynend; extdyn += sizeof (ElfNN_External_Dyn))
{ {
Elf_Internal_Dyn dyn; Elf_Internal_Dyn dyn;
bfd_elfNN_swap_dyn_in (abfd, extdyn, &dyn); bfd_elfNN_swap_dyn_in (abfd, extdyn, &dyn);