espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-26 05:47:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

asan: readelf: heap buffer overflow in slurp_hppa_unwind_table

Browse Source 
This one isn't just a weird corner case requiring multiple
.PARISC.unwind sections in an object file to trigger the buffer
overflow, it's also a simple bug that would prevent relocations being
applied in the normal case of a single .PARISC.unwind section.

	* readelf (slurp_hppa_unwind_table): Set table_len before use
	in relocation sanity checks.
This commit is contained in:
Alan Modra
2020-07-09 13:18:37 +09:30
parent a6978338d9
commit e3fdc001d3
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
binutils/ChangeLog
View File

@ -1,3 +1,8 @@
2020-07-09 Alan Modra <amodra@gmail.com>
* readelf (slurp_hppa_unwind_table): Set table_len before use
in relocation sanity checks.
2020-07-07 Alan Modra <amodra@gmail.com> 2020-07-07 Alan Modra <amodra@gmail.com>
* testsuite/binutils-all/ar.exp: Use is_xcoff_format. * testsuite/binutils-all/ar.exp: Use is_xcoff_format.

3
binutils/readelf.c
View File

@ -8253,6 +8253,7 @@ slurp_hppa_unwind_table (Filedata * filedata,
nentries = size / unw_ent_size; nentries = size / unw_ent_size;
size = unw_ent_size * nentries; size = unw_ent_size * nentries;
aux->table_len = nentries;
tep = aux->table = (struct hppa_unw_table_entry *) tep = aux->table = (struct hppa_unw_table_entry *)
xcmalloc (nentries, sizeof (aux->table[0])); xcmalloc (nentries, sizeof (aux->table[0]));
@ -8372,8 +8373,6 @@ slurp_hppa_unwind_table (Filedata * filedata,
free (rela); free (rela);
} }
aux->table_len = nentries;
return TRUE; return TRUE;
} }