PR24435, buffer overflow reading dynamic entries

author Alan Modra <amodra@gmail.com>

Thu, 11 Apr 2019 10:12:31 +0000 (19:42 +0930)

committer Alan Modra <amodra@gmail.com>

Thu, 11 Apr 2019 11:27:09 +0000 (20:57 +0930)
author Alan Modra <amodra@gmail.com>
Thu, 11 Apr 2019 10:12:31 +0000 (19:42 +0930)
committer Alan Modra <amodra@gmail.com>
Thu, 11 Apr 2019 11:27:09 +0000 (20:57 +0930)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index 022e7c3..a3cdfc6 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2019-04-11  Alan Modra  <amodra@gmail.com>
+
+       PR 24435
+       * elflink.c (elf_link_add_object_symbols): Don't read partial
+       dynamic entries from fuzzed objects.
+
  2019-04-11  Tamar Christina  <tamar.christina@arm.com>
  
         PR ld/24302
diff --git a/bfd/elflink.c b/bfd/elflink.c

index c796e27..8aae980 100644 (file)
--- a/bfd/elflink.c
+++ b/bfd/elflink.c
@@ -4076,7 +4076,7 @@ error_free_dyn:
           shlink = elf_elfsections (abfd)[elfsec]->sh_link;
  
           for (extdyn = dynbuf;
-              extdyn < dynbuf + s->size;
+              extdyn <= dynbuf + s->size - bed->s->sizeof_dyn;
                extdyn += bed->s->sizeof_dyn)
             {
               Elf_Internal_Dyn dyn;
author	Alan Modra <amodra@gmail.com>
	Thu, 11 Apr 2019 10:12:31 +0000 (19:42 +0930)
committer	Alan Modra <amodra@gmail.com>
	Thu, 11 Apr 2019 11:27:09 +0000 (20:57 +0930)
bfd/ChangeLog		patch \| blob \| history
bfd/elflink.c		patch \| blob \| history