Fix an illegal memory access when parsing a corrupt core note.

	PR 27799
	* elf32-xtensa.c (elf_xtensa_grok_prstatus): Check for core notes
	that are too small.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 548ed9f57d3cf31b26b8f2d7c77d28ff85331620..cd9b1b386077a812c99c6397cf4639b118e1da97 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2021-04-30  Nick Clifton  <nickc@redhat.com>
+
+       PR 27799
+       * elf32-xtensa.c (elf_xtensa_grok_prstatus): Check for core notes
+       that are too small.
+
 2021-04-30  Nick Clifton  <nickc@redhat.com>
 
        PR 27797

diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c
index c1781c7a7d77755283d888d7649d05e52a727819..7c5fb558bfb733cbad4af60a5cc72c57092e9f44 100644 (file)
--- a/bfd/elf32-xtensa.c
+++ b/bfd/elf32-xtensa.c
@@ -3740,8 +3740,14 @@ elf_xtensa_grok_prstatus (bfd *abfd, Elf_Internal_Note *note)
   int offset;
   unsigned int size;
 
+  if (elf_tdata (abfd) == NULL
+      || elf_tdata (abfd)->core == NULL)
+    return false;
+
   /* The size for Xtensa is variable, so don't try to recognize the format
      based on the size.  Just assume this is GNU/Linux.  */
+  if (note == NULL || note->descsz < 28)
+    return false;
 
   /* pr_cursig */
   elf_tdata (abfd)->core->signal = bfd_get_16 (abfd, note->descdata + 12);
@@ -3758,7 +3764,6 @@ elf_xtensa_grok_prstatus (bfd *abfd, Elf_Internal_Note *note)
                                          size, note->descpos + offset);
 }
 
-
 static bool
 elf_xtensa_grok_psinfo (bfd *abfd, Elf_Internal_Note *note)
 {