Fix check for buffer overflow when processing version information.

author Nick Clifton <nickc@redhat.com>

Mon, 13 Feb 2017 14:35:24 +0000 (14:35 +0000)

committer Nick Clifton <nickc@redhat.com>

Mon, 13 Feb 2017 14:35:24 +0000 (14:35 +0000)
author Nick Clifton <nickc@redhat.com>
Mon, 13 Feb 2017 14:35:24 +0000 (14:35 +0000)
committer Nick Clifton <nickc@redhat.com>
Mon, 13 Feb 2017 14:35:24 +0000 (14:35 +0000)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog

index f099467..ebaedcc 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,11 @@
  2017-02-13  Nick Clifton  <nickc@redhat.com>
  
+       PR binutils/21148
+       * readelf.c (process_version_sections): Include size of auxillary
+       version information when checking for buffer overflow.
+
+2017-02-13  Nick Clifton  <nickc@redhat.com>
+
         PR binutils/21147
         * readelf.c (process_section_contents): Fix off by one error
         reporting un-dumped sections.
diff --git a/binutils/readelf.c b/binutils/readelf.c

index 6fd7ff7..a61befe 100644 (file)
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -10019,7 +10019,7 @@ process_version_sections (FILE * file)
                         ent.vd_ndx, ent.vd_cnt);
  
                 /* Check for overflow.  */
-               if (ent.vd_aux > (size_t) (endbuf - vstart))
+               if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart))
                   break;
  
                 vstart += ent.vd_aux;
author	Nick Clifton <nickc@redhat.com>
	Mon, 13 Feb 2017 14:35:24 +0000 (14:35 +0000)
committer	Nick Clifton <nickc@redhat.com>
	Mon, 13 Feb 2017 14:35:24 +0000 (14:35 +0000)
binutils/ChangeLog		patch \| blob \| history
binutils/readelf.c		patch \| blob \| history