Fix heap-buffer address violation when reading version data from a corrupt binary.
authorNick Clifton <nickc@redhat.com>
Fri, 28 Apr 2017 10:21:53 +0000 (11:21 +0100)
committerNick Clifton <nickc@redhat.com>
Fri, 28 Apr 2017 10:21:53 +0000 (11:21 +0100)
PR binutils/21437
* readelf.c (process_version_sections): Check for underflow when
computing the start address of the auxiliary version data.

binutils/ChangeLog
binutils/readelf.c

index 951673bd6ad281e08b9199acb37bc2952938025d..8bb1fc5052e01cdf0a6af61fa4e5d0d4151e8951 100644 (file)
@@ -1,3 +1,9 @@
+2017-04-28  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21437
+       * readelf.c (process_version_sections): Check for underflow when
+       computing the start address of the auxillary version data.
+
 2017-04-28  Nick Clifton  <nickc@redhat.com>
 
        PR binutils/21438
index b57e1e029bdf0cc9a99eb2d116e89198c6eadb72..72f9dda6443f6603df80b46657130d08263dcd08 100644 (file)
@@ -10178,8 +10178,9 @@ process_version_sections (FILE * file)
                printf (_("  Index: %d  Cnt: %d  "),
                        ent.vd_ndx, ent.vd_cnt);
 
-               /* Check for overflow.  */
-               if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart))
+               /* Check for overflow and underflow.  */
+               if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart)
+                   || (vstart + ent.vd_aux < vstart))
                  break;
 
                vstart += ent.vd_aux;
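Review bot: The added test `vstart + ent.vd_aux < vstart` detects wrap-around by forming an out-of-range pointer, which is undefined behaviour in C, so an optimising compiler is entitled to fold it to false and silently drop the guard. The first operand has the same root problem in integer form: `ent.vd_aux + sizeof (* eaux)` can itself wrap for a very large vd_aux read from the file before the comparison happens. Comparing lengths only avoids both, for example `size_t room = (size_t) (endbuf - vstart);` followed by `if (ent.vd_aux > room || sizeof (* eaux) > room - ent.vd_aux) break;`. This assumes vstart never exceeds endbuf at this point, which cannot be confirmed here because process_version_sections begins and ends outside the hunk.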