Fix an invalid memory access triggered by running readelf on a fuzzed binary.

PR binutils/17531
	* readelf.c (process_mips_specific): Fail if an option has an
	invalid size.
Nick Clifton 2015-02-06 12:59:25 +00:00
parent 9e2dec4710
commit 5532504724
2 changed files with 4 additions and 3 deletions


@ -8,6 +8,8 @@
* dwarf.c (xcmalloc): Fail if the arguments are too big. * dwarf.c (xcmalloc): Fail if the arguments are too big.
(xcrealloc): Likewise. (xcrealloc): Likewise.
(xcalloc2): Likewise. (xcalloc2): Likewise.
* readelf.c (process_mips_specific): Fail if an option has an
invalid size.
2015-02-05 Alan Modra <amodra@gmail.com> 2015-02-05 Alan Modra <amodra@gmail.com>


@ -13880,9 +13880,8 @@ process_mips_specific (FILE * file)
if (option->size < sizeof (* eopt) if (option->size < sizeof (* eopt)
|| offset + option->size > sect->sh_size) || offset + option->size > sect->sh_size)
{ {
warn (_("Invalid size (%u) for MIPS option\n"), option->size); error (_("Invalid size (%u) for MIPS option\n"), option->size);
option->size = sizeof (* eopt); return 0;
break;
} }
offset += option->size; offset += option->size;
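Review bot: The new `return 0;` in the invalid-size branch leaves process_mips_specific from the middle of the option walk, so any buffers obtained earlier in the function for the option table (the data behind `eopt`, and whatever `option` points into) would need to be released on this path as well. Their allocation is outside this hunk, so this should be checked against the full function. Separately, the bound `offset + option->size > sect->sh_size` is computed as a sum, which could wrap if it exceeds the range of the promoted type (the operand types are not visible here); provided the loop keeps `offset` no greater than `sect->sh_size`, `option->size > sect->sh_size - offset` expresses the same test without that risk. A short comment above the check, such as `/* PR 17531: a bad size means the table cannot be walked safely, so stop rather than clamp.  */`, would record why the warn-and-continue path was dropped.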