From 53db9cf9fc363fd8ab3a9d97cdcb2ea1f639a243 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Wed, 9 May 2018 13:56:34 +0930 Subject: [PATCH] PR23147, Heap buffer overflow in pe_print_idata PR 23147 * peXXigen.c (pe_print_idata): Bound check hint_addr. --- bfd/ChangeLog | 5 +++++ bfd/peXXigen.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index e478821a7f8..f158067af59 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2018-05-09 Alan Modra + + PR 23147 + * peXXigen.c (pe_print_idata): Bound check hint_addr. + 2018-05-08 Nick Clifton PR 22809 diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c index 5e0acc4571d..b32cc18681d 100644 --- a/bfd/peXXigen.c +++ b/bfd/peXXigen.c @@ -1438,7 +1438,7 @@ pe_print_idata (bfd * abfd, void * vfile) if (hint_addr == 0) hint_addr = first_thunk; - if (hint_addr != 0) + if (hint_addr != 0 && hint_addr - adj < datasize) { bfd_byte *ft_data; asection *ft_section; -- 2.30.2