From: Alan Modra Date: Mon, 8 Jul 2019 00:36:09 +0000 (+0930) Subject: PR24785, bfd crashes on empty .PPC.EMB.apuinfo section X-Git-Tag: binutils-2_33~633 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=62a47958bd6e3cbd909c2f19cd4669a9670ce4f1;p=external%2Fbinutils.git PR24785, bfd crashes on empty .PPC.EMB.apuinfo section PR 24785 * elf32-ppc.c (_bfd_elf_ppc_set_arch): Sanity check .PPC.EMB.apuinfo size before reading first word. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 1e2a3f1..7daec6b 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2019-07-08 Alan Modra + + PR 24785 + * elf32-ppc.c (_bfd_elf_ppc_set_arch): Sanity check .PPC.EMB.apuinfo + size before reading first word. + 2019-07-02 Nick Clifton PR 24717 diff --git a/bfd/elf32-ppc.c b/bfd/elf32-ppc.c index df813d3..ae03d72 100644 --- a/bfd/elf32-ppc.c +++ b/bfd/elf32-ppc.c @@ -1077,7 +1077,9 @@ _bfd_elf_ppc_set_arch (bfd *abfd) if (mach == 0) { s = bfd_get_section_by_name (abfd, APUINFO_SECTION_NAME); - if (s != NULL && bfd_malloc_and_get_section (abfd, s, &contents)) + if (s != NULL + && s->size >= 24 + && bfd_malloc_and_get_section (abfd, s, &contents)) { unsigned int apuinfo_size = bfd_get_32 (abfd, contents + 4); unsigned int i;