This is the mail archive of the binutils-cvs@sourceware.org mailing list for the binutils project.
[binutils-gdb] Fix an illegal memory access fault when parsing a corrupt MIPS option section using readelf.
- From: Nick Clifton <nickc at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 20 Feb 2019 17:04:28 -0000
- Subject: [binutils-gdb] Fix an illegal memory access fault when parsing a corrupt MIPS option section using readelf.
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7fc0c668f2aceb8582d74db1ad2528e2bba8a921
commit 7fc0c668f2aceb8582d74db1ad2528e2bba8a921
Author: Nick Clifton <nickc@redhat.com>
Date: Wed Feb 20 17:03:47 2019 +0000
Fix an illegal memory access fault when parsing a corrupt MIPS option section using readelf.
PR 24243
* readelf.c (process_mips_specific): Check for an options section
that is too small to even contain a single option.
Diff:
---
binutils/ChangeLog | 3 +++
binutils/readelf.c | 6 ++++++
2 files changed, 9 insertions(+)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 1ae5044..1d55610 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -2,6 +2,9 @@
PR 24242
* readelf.c (print_ia64_vms_note): Harden against corrupt notes.
+ PR 24243
+ * readelf.c (process_mips_specific): Check for an options section
+ that is too small to even contain a single option.
2019-02-20 Alan Modra <amodra@gmail.com>
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 54d165e..20ebacc 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -16187,6 +16187,12 @@ process_mips_specific (Filedata * filedata)
error (_("No MIPS_OPTIONS header found\n"));
return FALSE;
}
+ /* PR 24243 */
+ if (sect->sh_size < sizeof (* eopt))
+ {
+ error (_("The MIPS options section is too small.\n"));
+ return FALSE;
+ }
eopt = (Elf_External_Options *) get_data (NULL, filedata, options_offset, 1,
sect->sh_size, _("options"));
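Review bot: The new test `sect->sh_size < sizeof (* eopt)` only guarantees that a single Elf_External_Options header fits before `get_data` is called; it does not bound any entry after the first. The code that walks the options is not visible in this hunk, so it is worth confirming that each later entry is also checked against `sect->sh_size`. The `/* PR 24243 */` comment would be more useful if it stated the invariant being enforced (the section must hold at least one option header), and the error message could report the actual `sh_size` next to the minimum expected so a corrupt file is easier to diagnose.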