This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
PR24876, readelf: heap-buffer-overflow in dump_ia64_unwind
- From: Alan Modra <amodra at gmail dot com>
- To: binutils at sourceware dot org
- Date: Wed, 7 Aug 2019 11:59:35 +0930
- Subject: PR24876, readelf: heap-buffer-overflow in dump_ia64_unwind
PR 24876
* readelf.c (dump_ia64_unwind): Check that buffer is large
enough for "stamp" before reading.
diff --git a/binutils/readelf.c b/binutils/readelf.c
index e785fde43e..5e18734f10 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -7574,7 +7574,8 @@ dump_ia64_unwind (Filedata * filedata, struct ia64_unw_aux_info * aux)
}
offset -= aux->info_addr;
/* PR 17531: file: 0997b4d1. */
- if (offset >= aux->info_size)
+ if (offset >= aux->info_size
+ || aux->info_size - offset < 8)
{
warn (_("Invalid offset %lx in table entry %ld\n"),
(long) tp->info.offset, (long) (tp - aux->table));
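
Review bot: the literal 8 in the added clause "|| aux->info_size - offset < 8" is not explained in the code. Only the ChangeLog entry says it is the room needed for "stamp", and the comment above the test still cites PR 17531 alone. Consider extending that comment to mention PR 24876 and that 8 bytes are read for the stamp, or replacing the literal with a sizeof or a named constant, so the bound stays tied to the read it protects. The clause order is worth keeping as written: the subtraction is only evaluated once "offset >= aux->info_size" has been ruled out, so it cannot go below zero. The too-short case also reuses the "Invalid offset" warning text, which may be slightly misleading when the offset itself lies inside the buffer.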
--
Alan Modra
Australia Development Lab, IBM