Fix a illegal memory access fault when parsing a corrupt MIPS option section using...
authorNick Clifton <nickc@redhat.com>
Wed, 20 Feb 2019 17:03:47 +0000 (17:03 +0000)
committerNick Clifton <nickc@redhat.com>
Wed, 20 Feb 2019 17:03:47 +0000 (17:03 +0000)
PR 24243
* readelf.c (process_mips_specific): Check for an options section
that is too small to even contain a single option.

binutils/ChangeLog
binutils/readelf.c

index 1ae5044fd3412bb9771eae17c7462e29c552dcdf..1d5561054ac606f9a67778c310f3c42376655ccd 100644 (file)
@@ -2,6 +2,9 @@
 
        PR 24242
        * readelf.c (print_ia64_vms_note): Harden against corrupt notes.
+       PR 24243
+       * readelf.c (process_mips_specific): Check for an options section
+       that is too small to even contain a single option.
 
 2019-02-20  Alan Modra  <amodra@gmail.com>
 
index 54d165e60993c6b9bb6c431505e88d574a0430e1..20ebacc9cbd029bb68364668a96a66ebafd26fd1 100644 (file)
@@ -16187,6 +16187,12 @@ process_mips_specific (Filedata * filedata)
          error (_("No MIPS_OPTIONS header found\n"));
          return FALSE;
        }
+      /* PR 24243  */
+      if (sect->sh_size < sizeof (* eopt))
+       {
+         error (_("The MIPS options section is too small.\n"));
+         return FALSE;
+       }
 
       eopt = (Elf_External_Options *) get_data (NULL, filedata, options_offset, 1,
                                                 sect->sh_size, _("options"));
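Review bot: The comment on the added guard, `/* PR 24243  */`, gives only the bug number and not the reason for the check, so a reader must look up the tracker to learn what it protects. I would spell it out, e.g. `/* PR 24243: reject a section too small to hold even one Elf_External_Options before it is read and walked.  */`. The guard itself only proves that one external option header fits in `sect->sh_size`; the size field inside each option still comes from the file. The parsing that follows the `get_data` call lies outside this hunk, so it is worth confirming there that each option's declared size is bounded against the remaining section bytes.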