Fix an invalid memory access triggered by running readelf on a fuzzed binary.
authorNick Clifton <nickc@redhat.com>
Fri, 6 Feb 2015 12:59:25 +0000 (12:59 +0000)
committerNick Clifton <nickc@redhat.com>
Fri, 6 Feb 2015 13:03:08 +0000 (13:03 +0000)
PR binutils/17531
* readelf.c (process_mips_specific): Fail if an option has an
invalid size.

binutils/ChangeLog
binutils/readelf.c

index 9e682c1a90e00868b19dc31c1eb3314e7538bbb4..803bfa89b8438bab9234e1718d1a1b6eb4d10163 100644 (file)
@@ -8,6 +8,8 @@
        * dwarf.c (xcmalloc): Fail if the arguments are too big.
        (xcrealloc): Likewise.
        (xcalloc2): Likewise.
+       * readelf.c (process_mips_specific): Fail if an option has an
+       invalid size.
 
 2015-02-05  Alan Modra  <amodra@gmail.com>
 
index a0d6f327896df359fbb3bc1303472e2a31bc16a1..00bcb1d4bc29730e591d7d6d58d1332423ba5e97 100644 (file)
@@ -13880,9 +13880,8 @@ process_mips_specific (FILE * file)
              if (option->size < sizeof (* eopt)
                  || offset + option->size > sect->sh_size)
                {
-                 warn (_("Invalid size (%u) for MIPS option\n"), option->size);
-                 option->size = sizeof (* eopt);
-                 break;
+                 error (_("Invalid size (%u) for MIPS option\n"), option->size);
+                 return 0;
                }
              offset += option->size;