Fix illegal memory access parsing a corrupt ELF file.
PR 24332 * elflink.c (elf_link_add_object_symbols): Add new local variable extversym_end. Initialise it to point to the end of the version symbol table, if present. Check it when initialising and updating the ever pointer.
@ -1,3 +1,11 @@
|
|||||||
|
2019-03-14 Nick Clifton <nickc@redhat.com>
|
||||||
|
|
||||||
|
PR 24332
|
||||||
|
* elflink.c (elf_link_add_object_symbols): Add new local variable
|
||||||
|
extversym_end. Initialise it to point to the end of the version
|
||||||
|
symbol table, if present. Check it when initialising and updating
|
||||||
|
the ever pointer.
|
||||||
|
|
||||||
2019-03-13 Sudakshina Das <sudi.das@arm.com>
|
2019-03-13 Sudakshina Das <sudi.das@arm.com>
|
||||||
|
|
||||||
* elfnn-aarch64.c (PLT_PAC_ENTRY_SIZE, PLT_PAC_SMALL_ENTRY_SIZE): New.
|
* elfnn-aarch64.c (PLT_PAC_ENTRY_SIZE, PLT_PAC_SMALL_ENTRY_SIZE): New.
|
||||||
|
@ -3872,6 +3872,7 @@ elf_link_add_object_symbols (bfd *abfd, struct bfd_link_info *info)
|
|||||||
struct elf_link_hash_entry **sym_hash;
|
struct elf_link_hash_entry **sym_hash;
|
||||||
bfd_boolean dynamic;
|
bfd_boolean dynamic;
|
||||||
Elf_External_Versym *extversym = NULL;
|
Elf_External_Versym *extversym = NULL;
|
||||||
|
Elf_External_Versym *extversym_end = NULL;
|
||||||
Elf_External_Versym *ever;
|
Elf_External_Versym *ever;
|
||||||
struct elf_link_hash_entry *weaks;
|
struct elf_link_hash_entry *weaks;
|
||||||
struct elf_link_hash_entry **nondeflt_vers = NULL;
|
struct elf_link_hash_entry **nondeflt_vers = NULL;
|
||||||
@ -4297,13 +4298,14 @@ error_free_dyn:
|
|||||||
Elf_Internal_Shdr *versymhdr;
|
Elf_Internal_Shdr *versymhdr;
|
||||||
|
|
||||||
versymhdr = &elf_tdata (abfd)->dynversym_hdr;
|
versymhdr = &elf_tdata (abfd)->dynversym_hdr;
|
||||||
extversym = (Elf_External_Versym *) bfd_malloc (versymhdr->sh_size);
|
amt = versymhdr->sh_size;
|
||||||
|
extversym = (Elf_External_Versym *) bfd_malloc (amt);
|
||||||
if (extversym == NULL)
|
if (extversym == NULL)
|
||||||
goto error_free_sym;
|
goto error_free_sym;
|
||||||
amt = versymhdr->sh_size;
|
|
||||||
if (bfd_seek (abfd, versymhdr->sh_offset, SEEK_SET) != 0
|
if (bfd_seek (abfd, versymhdr->sh_offset, SEEK_SET) != 0
|
||||||
|| bfd_bread (extversym, amt, abfd) != amt)
|
|| bfd_bread (extversym, amt, abfd) != amt)
|
||||||
goto error_free_vers;
|
goto error_free_vers;
|
||||||
|
extversym_end = extversym + (amt / sizeof (* extversym));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -4378,7 +4380,20 @@ error_free_dyn:
|
|||||||
}
|
}
|
||||||
|
|
||||||
weaks = NULL;
|
weaks = NULL;
|
||||||
ever = extversym != NULL ? extversym + extsymoff : NULL;
|
if (extversym == NULL)
|
||||||
|
ever = NULL;
|
||||||
|
else if (extversym + extsymoff < extversym_end)
|
||||||
|
ever = extversym + extsymoff;
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* xgettext:c-format */
|
||||||
|
_bfd_error_handler (_("%pB: invalid version offset %lx (max %lx)"),
|
||||||
|
abfd, (long) extsymoff,
|
||||||
|
(long) (extversym_end - extversym) / sizeof (* extversym));
|
||||||
|
bfd_set_error (bfd_error_bad_value);
|
||||||
|
goto error_free_vers;
|
||||||
|
}
|
||||||
|
|
||||||
for (isym = isymbuf, isymend = isymbuf + extsymcount;
|
for (isym = isymbuf, isymend = isymbuf + extsymcount;
|
||||||
isym < isymend;
|
isym < isymend;
|
||||||
isym++, sym_hash++, ever = (ever != NULL ? ever + 1 : NULL))
|
isym++, sym_hash++, ever = (ever != NULL ? ever + 1 : NULL))
|
||||||
@ -4562,6 +4577,14 @@ error_free_dyn:
|
|||||||
else
|
else
|
||||||
iver.vs_vers = 0;
|
iver.vs_vers = 0;
|
||||||
}
|
}
|
||||||
|
else if (ever >= extversym_end)
|
||||||
|
{
|
||||||
|
/* xgettext:c-format */
|
||||||
|
_bfd_error_handler (_("%pB: not enough version information"),
|
||||||
|
abfd);
|
||||||
|
bfd_set_error (bfd_error_bad_value);
|
||||||
|
goto error_free_vers;
|
||||||
|
}
|
||||||
else
|
else
|
||||||
_bfd_elf_swap_versym_in (abfd, ever, &iver);
|
_bfd_elf_swap_versym_in (abfd, ever, &iver);
|
||||||
|
|
||||||
|
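Review bot: The new guard `else if (extversym + extsymoff < extversym_end)` forms the pointer before the offset has been validated, so for a corrupt file whose symbol offset exceeds the version table the addition is itself out-of-range pointer arithmetic (undefined behaviour, and on a 32-bit host it may wrap so that the comparison passes); comparing element counts avoids this: `else if (extsymoff < (size_t) (extversym_end - extversym))`. In the diagnostic directly below, `extversym_end - extversym` is already an element count, so dividing it by `sizeof (* extversym)` under-reports the maximum, and because the cast binds only to the difference the argument handed to `%lx` ends up with the type of the `sizeof` expression; `(long) (extversym_end - extversym)` would be sufficient. The declaration of extsymoff is not visible on this page (it is assumed to be an unsigned count, given the `(long)` cast), and the body of elf_link_add_object_symbols starts and ends outside these hunks.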