From: Nick Clifton Date: Fri, 6 Feb 2015 12:59:25 +0000 (+0000) Subject: Fix an invalid memory access triggered by running readelf on a fuzzed binary. X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=55325047241cf38dae3c6a577561c740a9024bf3;p=binutils-gdb.git Fix an invalid memory access triggered by running readelf on a fuzzed binary. PR binutils/17531 * readelf.c (process_mips_specific): Fail if an option has an invalid size. --- diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 9e682c1a90e..803bfa89b84 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -8,6 +8,8 @@ * dwarf.c (xcmalloc): Fail if the arguments are too big. (xcrealloc): Likewise. (xcalloc2): Likewise. + * readelf.c (process_mips_specific): Fail if an option has an + invalid size. 2015-02-05 Alan Modra diff --git a/binutils/readelf.c b/binutils/readelf.c index a0d6f327896..00bcb1d4bc2 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -13880,9 +13880,8 @@ process_mips_specific (FILE * file) if (option->size < sizeof (* eopt) || offset + option->size > sect->sh_size) { - warn (_("Invalid size (%u) for MIPS option\n"), option->size); - option->size = sizeof (* eopt); - break; + error (_("Invalid size (%u) for MIPS option\n"), option->size); + return 0; } offset += option->size;