This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
Fix memory access
- From: Nick Clifton <nickc at redhat dot com>
- To: binutils at sourceware dot org
- Cc: marcel dot boehme at nus dot edu dot sg, madler at alumni dot caltech dot edu
- Date: Fri, 17 Feb 2017 11:39:00 +0000
- Subject: Fix memory access
- Authentication-results: sourceware.org; auth=none
Hi Guys,
The upgrade to version 1.2.10 of ZLIB has exposed a bug in the BFD
library's code to decompress section contents. The code was lying
to ZLIB about the size of the input buffer, and with the new, more
efficient code in 1.2.10 this could result in an illegal memory
access.
I am applying the patch below to fix the problem. Tested with no
regressions on a large number of targets.
Cheers
Nick
bfd/ChangeLog
2017-02-17 Nick Clifton <nickc@redhat.com>
* compress.c (bfd_get_full_section_contents): Remember to reduce
compressed size by the sizeof the compression header when
decompressing the contents.
diff --git a/bfd/compress.c b/bfd/compress.c
index 1ed7d74..f881c07 100644
--- a/bfd/compress.c
+++ b/bfd/compress.c
@@ -300,7 +300,7 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
SHF_COMPRESSED section. */
compression_header_size = 12;
if (!decompress_contents (compressed_buffer + compression_header_size,
- sec->compressed_size, p, sz))
+ sec->compressed_size - compression_header_size, p, sz))
{
bfd_set_error (bfd_error_bad_value);
if (p != *ptr)
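Review bot: the new length argument `sec->compressed_size - compression_header_size` has no visible guard that `sec->compressed_size` is at least `compression_header_size` (12 in the fallback just above the call). For a section whose recorded compressed size is smaller than the header, the subtraction would go negative or, if the field is an unsigned type, wrap to a very large value, and decompress_contents would again be told about more input than the buffer holds. Unless a check outside this hunk already rejects that case, add one before the call, such as `if (sec->compressed_size < compression_header_size)`, and take the existing bfd_error_bad_value path.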