Closes another memory corruption, this time due to heap overrun.
authorNick Clifton <nickc@redhat.com>
Thu, 30 Oct 2014 15:52:10 +0000 (15:52 +0000)
committerNick Clifton <nickc@redhat.com>
Thu, 30 Oct 2014 15:52:10 +0000 (15:52 +0000)
PR binutils/17512
* coffgen.c (coff_get_normalized_symtab): Prevent buffer overrun.

bfd/ChangeLog
bfd/coffgen.c

index a5790a568105df4f37756a4debf2b45d3ccebb0c..f25c1b1e6272fd39336807081f9ff86dcc779bb6 100644 (file)
@@ -1,3 +1,8 @@
+2014-10-30  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/17512
+       * coffgen.c (coff_get_normalized_symtab): Prevent buffer overrun.
+
 2014-10-29  Nick Clifton  <nickc@redhat.com>
 
        * elf.c (bfd_section_from_shdr): Fix heap use after free memory
index 3f223897f66767cb5e6be32f1a58cbf7441f5b46..a1a032543e44e218dc4c69d5088dfe920c41326a 100644 (file)
@@ -1748,7 +1748,7 @@ coff_get_normalized_symtab (bfd *abfd)
   if (internal == NULL && size != 0)
     return NULL;
   internal_end = internal + obj_raw_syment_count (abfd);
-
+  
   if (! _bfd_coff_get_external_symbols (abfd))
     return NULL;
 
@@ -1766,8 +1766,8 @@ coff_get_normalized_symtab (bfd *abfd)
        raw_src < raw_end;
        raw_src += symesz, internal_ptr++)
     {
-
       unsigned int i;
+
       bfd_coff_swap_sym_in (abfd, (void *) raw_src,
                            (void *) & internal_ptr->u.syment);
       symbol_ptr = internal_ptr;
@@ -1777,6 +1777,10 @@ coff_get_normalized_symtab (bfd *abfd)
           i++)
        {
          internal_ptr++;
+         /* PR 17512: Prevent buffer overrun.  */
+         if (internal_ptr >= internal_end)
+           return NULL;
+
          raw_src += symesz;
          bfd_coff_swap_aux_in (abfd, (void *) raw_src,
                                symbol_ptr->u.syment.n_type,
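Review bot: The added guard `if (internal_ptr >= internal_end) return NULL;` fails without recording a BFD error, so a caller sees only NULL and may report whatever error an earlier call left behind instead of a malformed symbol table; consider `bfd_set_error (bfd_error_bad_value);` before the return. The comment would be more useful if it named the cause, which is presumably that the aux-entry count driving this inner loop is read from the input file (the loop header is above the hunk), e.g. `/* PR 17512: The aux count comes from the file and may exceed the entries left in the table.  */`. The guard covers `internal_ptr` only; `raw_src` is advanced in step with it on the next line, and that it stays inside the raw buffer depends on both buffers being sized from the same symbol count, which this hunk does not show. coff_get_normalized_symtab starts and ends outside the hunk.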