PR23147, Heap buffer overflow in pe_print_idata

author Alan Modra <amodra@gmail.com>

Wed, 9 May 2018 04:26:34 +0000 (13:56 +0930)

committer Alan Modra <amodra@gmail.com>

Wed, 9 May 2018 04:42:56 +0000 (14:12 +0930)
author Alan Modra <amodra@gmail.com>
Wed, 9 May 2018 04:26:34 +0000 (13:56 +0930)
committer Alan Modra <amodra@gmail.com>
Wed, 9 May 2018 04:42:56 +0000 (14:12 +0930)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index e478821a7f8276c625ece1a164e29865b6269d4b..f158067af5960b8c271882ce3b021c2a5a47259f 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2018-05-09  Alan Modra  <amodra@gmail.com>
+
+       PR 23147
+       * peXXigen.c (pe_print_idata): Bound check hint_addr.
+
  2018-05-08  Nick Clifton  <nickc@redhat.com>
  
         PR 22809
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c

index 5e0acc4571d3316f92fd390da1a0bc02e3db122b..b32cc18681d4c2ad14e917822cafef7569a43f7c 100644 (file)
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -1438,7 +1438,7 @@ pe_print_idata (bfd * abfd, void * vfile)
        if (hint_addr == 0)
         hint_addr = first_thunk;
  
-      if (hint_addr != 0)
+      if (hint_addr != 0 && hint_addr - adj < datasize)
         {
           bfd_byte *ft_data;
           asection *ft_section;
author	Alan Modra <amodra@gmail.com>
	Wed, 9 May 2018 04:26:34 +0000 (13:56 +0930)
committer	Alan Modra <amodra@gmail.com>
	Wed, 9 May 2018 04:42:56 +0000 (14:12 +0930)
bfd/ChangeLog		patch \| blob \| history
bfd/peXXigen.c		patch \| blob \| history