+2020-01-09 Nick Clifton <nickc@redhat.com>
+
+ PR 25221
+ * bfd.c (bfd_convert_section_contents): Check for a compress
+ header size that is larger than the actual section size.
+
2020-01-08 Alan Modra <amodra@gmail.com>
PR 25351
|| bfd_get_flavour (obfd) != bfd_target_elf_flavour)
return TRUE;
- /* Do nothing if ELF classes of input and output are the same. */
+ /* Do nothing if ELF classes of input and output are the same. */
if (get_elf_backend_data (ibfd)->s->elfclass
== get_elf_backend_data (obfd)->s->elfclass)
return TRUE;
if ((ibfd->flags & BFD_DECOMPRESS))
return TRUE;
- /* Do nothing if the input section isn't a SHF_COMPRESSED section. */
+ /* Do nothing if the input section isn't a SHF_COMPRESSED section. */
ihdr_size = bfd_get_compression_header_size (ibfd, isec);
if (ihdr_size == 0)
return TRUE;
+ /* PR 25221. Check for corrupt input sections. */
+ if (ihdr_size > bfd_get_section_limit (ibfd, isec))
+ /* FIXME: Issue a warning about a corrupt
+ compression header size field ? */
+ return FALSE;
+
contents = *ptr;
/* Convert the contents of the input SHF_COMPRESSED section to
use_memmove = FALSE;
}
+ else if (ihdr_size != sizeof (Elf64_External_Chdr))
+ {
+ /* FIXME: Issue a warning about a corrupt
+ compression header size field ? */
+ return FALSE;
+ }
else
{
Elf64_External_Chdr *echdr = (Elf64_External_Chdr *) contents;
projects / binutils-gdb.git / commitdiff