asan: som_set_reloc_info heap buffer overflow

Also a bugfix.  The first time the section was read, the contents
didn't supply an addend.

	* som.c (som_set_reloc_info): Sanity check offset.  Do process
	contents after reading.  Tidy section->contents after freeing.
Alan Modra
2022-09-12 19:15:01 +09:30
parent 72e366db62
commit acfd5524fa


@ -5251,7 +5251,9 @@ som_set_reloc_info (unsigned char *fixup,
section->contents = contents;
deallocate_contents = 1;
}
else if (rptr->addend == 0)
if (rptr->addend == 0
&& offset - var ('L') <= section->size
&& section->size - (offset - var ('L')) >= 4)
rptr->addend = bfd_get_32 (section->owner,
(section->contents
+ offset - var ('L')));
@ -5269,7 +5271,10 @@ som_set_reloc_info (unsigned char *fixup,
}
}
if (deallocate_contents)
free (section->contents);
{
free (section->contents);
section->contents = NULL;
}
return count;
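Review bot: The new bounds test in the first hunk (`offset - var ('L') <= section->size && section->size - (offset - var ('L')) >= 4`) only rejects an `offset` smaller than `var ('L')` if the subtraction is carried out in an unsigned type, and the declarations of `offset` and `var` are outside the hunk, so that is worth confirming. A short comment above the condition would make the intent reviewable, for example `/* Unsigned arithmetic: a wrapped offset - var ('L') exceeds section->size and is rejected; the second test leaves 4 bytes for bfd_get_32.  */`. In the visible lines a failed test leaves `rptr->addend` at 0 with no diagnostic, so a malformed fixup stream looks the same as a genuine zero addend; consider whether that case should be reported to the caller. som_set_reloc_info starts and ends outside the hunks shown.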