PR24435, buffer overflow reading dynamic entries

author Alan Modra <amodra@gmail.com>

Thu, 11 Apr 2019 10:12:31 +0000 (19:42 +0930)

committer Alan Modra <amodra@gmail.com>

Thu, 11 Apr 2019 11:27:09 +0000 (20:57 +0930)
author Alan Modra <amodra@gmail.com>
Thu, 11 Apr 2019 10:12:31 +0000 (19:42 +0930)
committer Alan Modra <amodra@gmail.com>
Thu, 11 Apr 2019 11:27:09 +0000 (20:57 +0930)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index 022e7c3f0834b6af0b62fa0fbf55f765f96c4afa..a3cdfc6505bdcfd7825c5932ff8e9020f34884ee 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2019-04-11  Alan Modra  <amodra@gmail.com>
+
+       PR 24435
+       * elflink.c (elf_link_add_object_symbols): Don't read partial
+       dynamic entries from fuzzed objects.
+
  2019-04-11  Tamar Christina  <tamar.christina@arm.com>
  
         PR ld/24302
diff --git a/bfd/elflink.c b/bfd/elflink.c

index c796e27a140e3d221ed8ee9e78fbf8476babf618..8aae9808a1d2889ac9e7921252dbe525bc5eb9a3 100644 (file)
--- a/bfd/elflink.c
+++ b/bfd/elflink.c
@@ -4076,7 +4076,7 @@ error_free_dyn:
           shlink = elf_elfsections (abfd)[elfsec]->sh_link;
  
           for (extdyn = dynbuf;
-              extdyn < dynbuf + s->size;
+              extdyn <= dynbuf + s->size - bed->s->sizeof_dyn;
                extdyn += bed->s->sizeof_dyn)
             {
               Elf_Internal_Dyn dyn;
author	Alan Modra <amodra@gmail.com>
	Thu, 11 Apr 2019 10:12:31 +0000 (19:42 +0930)
committer	Alan Modra <amodra@gmail.com>
	Thu, 11 Apr 2019 11:27:09 +0000 (20:57 +0930)
bfd/ChangeLog		patch \| blob \| history
bfd/elflink.c		patch \| blob \| history