View | Details | Raw Unified | Return to bug 17531 | Differences between
and this patch

Collapse All | Expand All

(-)a/binutils/readelf.c (-1 / +13 lines)
Lines 4760-4765 get_32bit_elf_symbols (FILE * file, Link Here
4760
                                                   _("symbol table section indicies"));
4760
                                                   _("symbol table section indicies"));
4761
      if (shndx == NULL)
4761
      if (shndx == NULL)
4762
	goto exit_point;
4762
	goto exit_point;
4763
      /* PR17531: file: heap-buffer-overflow */
4764
      else if (symtab_shndx_hdr->sh_size / sizeof(Elf_External_Sym_Shndx) < number)
4765
	{
4766
	  error (_("Invalid sh_size\n"));
4767
	  goto exit_point;
4768
	}
4763
    }
4769
    }
4764
4770
4765
  isyms = (Elf_Internal_Sym *) cmalloc (number, sizeof (Elf_Internal_Sym));
4771
  isyms = (Elf_Internal_Sym *) cmalloc (number, sizeof (Elf_Internal_Sym));
Lines 5762-5767 process_section_groups (FILE * file) Link Here
5762
		? strtab + sym->st_name : _("<corrupt>");
5768
		? strtab + sym->st_name : _("<corrupt>");
5763
	    }
5769
	    }
5764
5770
5771
	  /* PR 17531: file: loop */
5772
	  if (section->sh_entsize > section->sh_size)
5773
	    {
5774
	      error (_("Invalid sh_entsize\n"));
5775
	      break;
5776
	    }
5777
5765
	  start = (unsigned char *) get_data (NULL, file, section->sh_offset,
5778
	  start = (unsigned char *) get_data (NULL, file, section->sh_offset,
5766
                                              1, section->sh_size,
5779
                                              1, section->sh_size,
5767
                                              _("section data"));
5780
                                              _("section data"));
5768
- 

Return to bug 17531