From e0115a844607b280449986e661f551dff49a9031 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Wed, 1 Nov 2017 12:37:33 +0000 Subject: [PATCH] Update check for invalid values in pe_bfd_read_buildid function. PR 22373 * peicode.h (pe_bfd_read_buildid): Revise check for invalid size and offset in light of further possible bogus values. --- bfd/ChangeLog | 6 ++++++ bfd/peicode.h | 5 ++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 662ef44cc60..60fbc9c8e48 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2017-11-01 Nick Clifton + + PR 22373 + * peicode.h (pe_bfd_read_buildid): Revise check for invalid size + and offset in light of further possible bogus values. + 2017-11-01 Alan Modra PR 22374 diff --git a/bfd/peicode.h b/bfd/peicode.h index f3b759cce88..e5cacbd2c10 100644 --- a/bfd/peicode.h +++ b/bfd/peicode.h @@ -1329,9 +1329,8 @@ pe_bfd_read_buildid (bfd *abfd) /* PR 20605 and 22373: Make sure that the data is really there. Note - since we are dealing with unsigned quantities we have to be careful to check for potential overflows. */ - if (dataoff > section->size - || size > section->size - || dataoff + size > section->size) + if (dataoff >= section->size + || size > section->size - dataoff) { _bfd_error_handler (_("%B: Error: Debug Data ends beyond end of debug directory."), abfd); -- 2.30.2