Fix an illegal memory access parsing a corrupt sysroff file.

author Nick Clifton <nickc@redhat.com>

Wed, 24 Nov 2021 17:02:02 +0000 (17:02 +0000)

committer Nick Clifton <nickc@redhat.com>

Wed, 24 Nov 2021 17:02:02 +0000 (17:02 +0000)
author Nick Clifton <nickc@redhat.com>
Wed, 24 Nov 2021 17:02:02 +0000 (17:02 +0000)
committer Nick Clifton <nickc@redhat.com>
Wed, 24 Nov 2021 17:02:02 +0000 (17:02 +0000)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog

index 8d2f0413f9f4a7c2322fb0f9966147189213849a..cc742ec4951e9e2eca73b732c795c4d5051b4cb0 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2021-11-24  Nick Clifton  <nickc@redhat.com>
+
+       PR 28564
+       * sysdump.c (getCHARS): Check for an out of bounds read.
+
  2021-11-16  Fangrui Song  <maskray@google.com>
  
         * readelf.c (enum relocation_type): New.
diff --git a/binutils/sysdump.c b/binutils/sysdump.c

index 35796e829a025b9032440207ca62fa7cd189cbf2..3aa046ffe43b30872766443fdf3aeab479edce53 100644 (file)
--- a/binutils/sysdump.c
+++ b/binutils/sysdump.c
@@ -60,6 +60,12 @@ getCHARS (unsigned char *ptr, int *idx, int size, int max)
        (*idx) += 8;
      }
  
+  if (oc + b > size)
+    {
+      /* PR 28564  */
+      return _("*corrupt*");
+    }
+
    *idx += b * 8;
    r = xcalloc (b + 1, 1);
    memcpy (r, ptr + oc, b);
author	Nick Clifton <nickc@redhat.com>
	Wed, 24 Nov 2021 17:02:02 +0000 (17:02 +0000)
committer	Nick Clifton <nickc@redhat.com>
	Wed, 24 Nov 2021 17:02:02 +0000 (17:02 +0000)
binutils/ChangeLog		patch \| blob \| history
binutils/sysdump.c		patch \| blob \| history