From: Nick Clifton
Date: Fri, 21 Apr 2017 11:31:59 +0000 (+0100)
Subject: Fix shift overflow when parsing an overlarge note value.
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54;p=binutils-gdb.git
Fix shift overflow when parsing an overlarge note value.
PR binutils/21378
* readelf.c (print_gnu_build_attribute_name): Check for an overlarge name field.
---
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 5f75c170fa8..e833b055404 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2017-04-21 Nick Clifton
+
+ PR binutils/21378
+ * readelf.c (print_gnu_build_attribute_name): Check for an
+ overlarge name field.
+
 2017-04-13 Nick Clifton

 PR binutils/21379
diff --git a/binutils/readelf.c b/binutils/readelf.c
index ab53473b433..e5756672f49 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -16948,10 +16948,18 @@ print_gnu_build_attribute_name (Elf_Internal_Note * pnote)
 {
 case GNU_BUILD_ATTRIBUTE_TYPE_NUMERIC:
 {
- unsigned int bytes = pnote->namesz - (name - pnote->namedata);
- unsigned long val = 0;
- unsigned int shift = 0;
- char * decoded = NULL;
+ unsigned int bytes = pnote->namesz - (name - pnote->namedata);
+ unsigned long long val = 0;
+ unsigned int shift = 0;
+ char * decoded = NULL;
+
+ /* PR 21378 */
+ if (bytes > sizeof (val))
+ {
+ error (_("corrupt name field: namesz of %lu is too large for a numeric value\n"),
+ pnote->namesz);
+ return FALSE;
+ }

 while (bytes --)
 {
@@ -16995,9 +17003,9 @@ print_gnu_build_attribute_name (Elf_Internal_Note * pnote)
 else
 {
 if (do_wide)
- left -= printf ("0x%lx", val);
+ left -= printf ("0x%llx", val);
 else
- left -= printf ("0x%-.*lx", left, val);
+ left -= printf ("0x%-.*llx", left, val);
 }
 }
 break;
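Review bot: A shift of 32 or more may still be undefined in the `while (bytes --)` loop of the GNU_BUILD_ATTRIBUTE_TYPE_NUMERIC case, because the new guard only bounds `bytes` by `sizeof (val)` and the loop body lies outside this hunk. Widening `val` to `unsigned long long` removes the overflow only if the shifted operand is also 64 bits wide. If the loop still shifts a promoted `char` or `int`, a crafted note with five to eight value bytes would still trigger it; something like `unsigned long long byte = *name++ & 0xff; val |= byte << shift;` would close that. Separately, the error text prints `pnote->namesz` while the value tested is `bytes`, the length left after the name prefix, so reporting `bytes` with `%u` would make the diagnostic match the check when triaging a malformed file.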