Fix heap-buffer address violation when reading version data from a corrupt binary.

author Nick Clifton <nickc@redhat.com>

Fri, 28 Apr 2017 10:21:53 +0000 (11:21 +0100)

committer Nick Clifton <nickc@redhat.com>

Fri, 28 Apr 2017 10:21:53 +0000 (11:21 +0100)
author Nick Clifton <nickc@redhat.com>
Fri, 28 Apr 2017 10:21:53 +0000 (11:21 +0100)
committer Nick Clifton <nickc@redhat.com>
Fri, 28 Apr 2017 10:21:53 +0000 (11:21 +0100)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog

index 951673b..8bb1fc5 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,11 @@
  2017-04-28  Nick Clifton  <nickc@redhat.com>
  
+       PR binutils/21437
+       * readelf.c (process_version_sections): Check for underflow when
+       computing the start address of the auxillary version data.
+
+2017-04-28  Nick Clifton  <nickc@redhat.com>
+
         PR binutils/21438
         * dwarf.c (process_extended_line_op): Do not assume that the
         string extracted from the section is NUL terminated.
diff --git a/binutils/readelf.c b/binutils/readelf.c

index b57e1e0..72f9dda 100644 (file)
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -10178,8 +10178,9 @@ process_version_sections (FILE * file)
                 printf (_("  Index: %d  Cnt: %d  "),
                         ent.vd_ndx, ent.vd_cnt);
  
-               /* Check for overflow.  */
-               if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart))
+               /* Check for overflow and underflow.  */
+               if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart)
+                   || (vstart + ent.vd_aux < vstart))
                   break;
  
                 vstart += ent.vd_aux;
author	Nick Clifton <nickc@redhat.com>
	Fri, 28 Apr 2017 10:21:53 +0000 (11:21 +0100)
committer	Nick Clifton <nickc@redhat.com>
	Fri, 28 Apr 2017 10:21:53 +0000 (11:21 +0100)
binutils/ChangeLog		patch \| blob \| history
binutils/readelf.c		patch \| blob \| history