From: Alan Modra <amodra@gmail.com>
Date: Thu, 11 Apr 2019 10:12:31 +0000 (+0930)
Subject: PR24435, buffer overflow reading dynamic entries
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=9bff840e8cc560f5096a43609ed3e0d980733fd9;p=binutils-gdb.git

PR24435, buffer overflow reading dynamic entries

	PR 24435
	* elflink.c (elf_link_add_object_symbols): Don't read partial
	dynamic entries from fuzzed objects.
---

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 022e7c3f083..a3cdfc6505b 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2019-04-11  Alan Modra  <amodra@gmail.com>
+
+	PR 24435
+	* elflink.c (elf_link_add_object_symbols): Don't read partial
+	dynamic entries from fuzzed objects.
+
 2019-04-11  Tamar Christina  <tamar.christina@arm.com>
 
 	PR ld/24302
diff --git a/bfd/elflink.c b/bfd/elflink.c
index c796e27a140..8aae9808a1d 100644
--- a/bfd/elflink.c
+++ b/bfd/elflink.c
@@ -4076,7 +4076,7 @@ error_free_dyn:
 	  shlink = elf_elfsections (abfd)[elfsec]->sh_link;
 
 	  for (extdyn = dynbuf;
-	       extdyn < dynbuf + s->size;
+	       extdyn <= dynbuf + s->size - bed->s->sizeof_dyn;
 	       extdyn += bed->s->sizeof_dyn)
 	    {
 	      Elf_Internal_Dyn dyn;