Fix buffer overrun when parsing an ELF attribute string that is not NUL terminated.
authorNick Clifton <nickc@redhat.com>
Fri, 1 Sep 2017 08:57:44 +0000 (09:57 +0100)
committerNick Clifton <nickc@redhat.com>
Fri, 1 Sep 2017 08:57:44 +0000 (09:57 +0100)
PR 22058
* elf-attrs.c (_bfd_elf_parse_attributes): Ensure that the
attribute buffer is NUL terminated.

bfd/ChangeLog
bfd/elf-attrs.c

index 368b558697407c6b94d234997b7215683cec783a..e0dd88fafada7f775dfcd65ba9fd4235b970c092 100644 (file)
@@ -1,3 +1,9 @@
+2017-09-01  Nick Clifton  <nickc@redhat.com>
+
+       PR 22058
+       * elf-attrs.c (_bfd_elf_parse_attributes): Ensure that the
+       attribute buffer is NUL terminated.
+
 2017-08-31  Nick Clifton  <nickc@redhat.com>
 
        PR 22047
index 759da6e968eb51b47c9e47ff62f21033f7707b0e..761a4ceb2ccdaaac923d952dabd54d23acb9af01 100644 (file)
@@ -438,7 +438,7 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
   /* PR 17512: file: 2844a11d.  */
   if (hdr->sh_size == 0)
     return;
-  contents = (bfd_byte *) bfd_malloc (hdr->sh_size);
+  contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
   if (!contents)
     return;
   if (!bfd_get_section_contents (abfd, hdr->bfd_section, contents, 0,
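Review bot: The new allocation size `hdr->sh_size + 1` can wrap to zero when the section header carries the maximum value for sh_size, and the guard above it rejects only the zero case. sh_size comes straight from the input file, so the allocation could end up far smaller than the size later passed to bfd_get_section_contents and used as the index for the terminator write. Whether the read rejects such a size first is not visible here. Widening the existing test to `if (hdr->sh_size == 0 || hdr->sh_size + 1 == 0) return;` closes the wrap, and comparing sh_size with the size of the file before allocating would also stop a malformed header from requesting a huge buffer. The body of _bfd_elf_parse_attributes starts and ends outside this hunk.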
@@ -447,6 +447,8 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
       free (contents);
       return;
     }
+  /* Ensure that the buffer is NUL terminated.  */
+  contents[hdr->sh_size] = 0;
   p = contents;
   p_end = p + hdr->sh_size;
   std_sec = get_elf_backend_data (abfd)->obj_attrs_vendor;
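Review bot: The added comment on the `contents[hdr->sh_size] = 0;` line says what the store does but not why, and it drops the PR reference that the nearby `/* PR 17512: file: 2844a11d.  */` comment shows to be this file's convention. Something like `/* PR 22058: Attribute strings are read as C strings; terminate the buffer so a section lacking a NUL cannot run a scan past the allocation.  */` would record the reason. The terminator bounds only string scans, and p_end still points at the terminator byte. The fixed-width reads in the parsing loop presumably still need their own checks against p_end, but that code lies outside this hunk.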