From: Alan Modra Date: Wed, 2 Jun 2021 05:17:17 +0000 (+0930) Subject: asan: heap buffer overflow in _bfd_elf_parse_attributes X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=45342c7c91f4c0a737405468ce2999825cb11c9a;p=binutils-gdb.git asan: heap buffer overflow in _bfd_elf_parse_attributes * elf-attrs.c (_bfd_elf_parse_attributes): Break out of loop if subsection length is too small to cover tag and length field. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index fd9721e7809..7857b70cf06 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2021-06-02 Alan Modra + + * elf-attrs.c (_bfd_elf_parse_attributes): Break out of loop if + subsection length is too small to cover tag and length field. + 2021-05-31 Nelson Chu Lifang Xia diff --git a/bfd/elf-attrs.c b/bfd/elf-attrs.c index 11a81a3ba74..72c606d9d1c 100644 --- a/bfd/elf-attrs.c +++ b/bfd/elf-attrs.c @@ -548,15 +548,15 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr) } else { - subsection_len = 0; p = p_end; + break; } - if (subsection_len == 0) - break; if (subsection_len > section_len) subsection_len = section_len; section_len -= subsection_len; end = orig_p + subsection_len; + if (end < p) + break; switch (tag) { case Tag_File:
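Review bot: The new `if (end < p) break;` placed after `end = orig_p + subsection_len;` in the bfd/elf-attrs.c hunk has no comment, and it appears intended to also take over the job of the removed `if (subsection_len == 0) break;`. Suggest a one-line comment at that check, reusing the ChangeLog wording (subsection length too small to cover tag and length field), so a later reader does not reintroduce the zero-length test or move the check above the clamp `if (subsection_len > section_len)`. Two smaller points are worth confirming against the code outside the visible context. First, `section_len -= subsection_len;` has already run when the new break is taken, so anything after the loop that reads `section_len` sees the reduced value. Second, in the else branch `p = p_end;` is kept directly before the added `break;`, which is only needed if `p` is read after the loop.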