From: Nick Clifton Date: Tue, 31 Oct 2017 14:29:40 +0000 (+0000) Subject: Fix illegal memory access triggered when parsing a PE binary with a corrupt data... X-Git-Tag: users/ARM/embedded-binutils-master-2017q4~408 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0bb6961f18b8e832d88b490d421ca56cea16c45b;p=external%2Fbinutils.git Fix illegal memory access triggered when parsing a PE binary with a corrupt data dictionary. PR 22373 * peicode.h (pe_bfd_read_buildid): Check for invalid size and data offset values. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index d6de8d5..a28769a 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2017-10-31 Nick Clifton + + PR 22373 + * peicode.h (pe_bfd_read_buildid): Check for invalid size and data + offset values. + 2017-10-30 Alan Modra * elf32-frv.c (ELF_TARGET_ID): Don't define for generic diff --git a/bfd/peicode.h b/bfd/peicode.h index 2dffb12..f3b759c 100644 --- a/bfd/peicode.h +++ b/bfd/peicode.h @@ -1303,7 +1303,6 @@ pe_bfd_read_buildid (bfd *abfd) bfd_byte *data = 0; bfd_size_type dataoff; unsigned int i; - bfd_vma addr = extra->DataDirectory[PE_DEBUG_DATA].VirtualAddress; bfd_size_type size = extra->DataDirectory[PE_DEBUG_DATA].Size; @@ -1327,8 +1326,12 @@ pe_bfd_read_buildid (bfd *abfd) dataoff = addr - section->vma; - /* PR 20605: Make sure that the data is really there. */ - if (dataoff + size > section->size) + /* PR 20605 and 22373: Make sure that the data is really there. + Note - since we are dealing with unsigned quantities we have + to be careful to check for potential overflows. */ + if (dataoff > section->size + || size > section->size + || dataoff + size > section->size) { _bfd_error_handler (_("%B: Error: Debug Data ends beyond end of debug directory."), abfd);