From: Nick Clifton <nickc@redhat.com>
Date: Fri, 6 Feb 2015 12:59:25 +0000 (+0000)
Subject: Fix an invalid memory access triggered by running readelf on a fuzzed binary.
X-Git-Tag: gdb-7.10-release~1714
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=55325047241cf38dae3c6a577561c740a9024bf3;p=external%2Fbinutils.git

Fix an invalid memory access triggered by running readelf on a fuzzed binary.

	PR binutils/17531
	* readelf.c (process_mips_specific): Fail if an option has an
	invalid size.
---

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 9e682c1..803bfa8 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -8,6 +8,8 @@
 	* dwarf.c (xcmalloc): Fail if the arguments are too big.
 	(xcrealloc): Likewise.
 	(xcalloc2): Likewise.
+	* readelf.c (process_mips_specific): Fail if an option has an
+	invalid size.
 
 2015-02-05  Alan Modra  <amodra@gmail.com>
 
diff --git a/binutils/readelf.c b/binutils/readelf.c
index a0d6f32..00bcb1d 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -13880,9 +13880,8 @@ process_mips_specific (FILE * file)
 	      if (option->size < sizeof (* eopt)
 		  || offset + option->size > sect->sh_size)
 		{
-		  warn (_("Invalid size (%u) for MIPS option\n"), option->size);
-		  option->size = sizeof (* eopt);
-		  break;
+		  error (_("Invalid size (%u) for MIPS option\n"), option->size);
+		  return 0;
 		}
 	      offset += option->size;