Catch potential integer overflow in readelf when processing corrupt binaries.

PR 24829 * readelf.c (apply_relocations): Catch potential integer overflow whilst checking reloc location against section size.
2025-06-24 12:23:31 +08:00 · 2019-08-05 10:40:35 +01:00
parent 2b79f3761c
commit e17869db99
2 changed files with 7 additions and 1 deletions
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@ -1,3 +1,9 @@
+2019-08-05  Nick Clifton  <nickc@redhat.com>
+
+	PR 24829
+	* readelf.c (apply_relocations): Catch potential integer overflow
+	whilst checking reloc location against section size.
+
 2019-08-02  Alan Modra  <amodra@gmail.com>

 	PR 24871
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@ -13366,7 +13366,7 @@ apply_relocations (Filedata *                 filedata,
 	    }

 	  rloc = start + rp->r_offset;
-	  if ((rloc + reloc_size) > end || (rloc < start))
+	  if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
 	    {
 	      warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
 		    (unsigned long) rp->r_offset,