This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

PR24876, readelf: heap-buffer-overflow in dump_ia64_unwind

From: Alan Modra <amodra at gmail dot com>
To: binutils at sourceware dot org
Date: Wed, 7 Aug 2019 11:59:35 +0930
Subject: PR24876, readelf: heap-buffer-overflow in dump_ia64_unwind

	PR 24876
	* readelf.c (dump_ia64_unwind): Check that buffer is large
	enough for "stamp" before reading.

diff --git a/binutils/readelf.c b/binutils/readelf.c
index e785fde43e..5e18734f10 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -7574,7 +7574,8 @@ dump_ia64_unwind (Filedata * filedata, struct ia64_unw_aux_info * aux)
 	}
       offset -= aux->info_addr;
       /* PR 17531: file: 0997b4d1.  */
-      if (offset >= aux->info_size)
+      if (offset >= aux->info_size
+	  || aux->info_size - offset < 8)
 	{
 	  warn (_("Invalid offset %lx in table entry %ld\n"),
 		(long) tp->info.offset, (long) (tp - aux->table));

-- 
Alan Modra
Australia Development Lab, IBM

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]