| Field | Value |
|---|---|
| Summary | heap-buffer-overflow in bfd_getl64 |
| Product | binutils |
| Component | binutils |
| Status | RESOLVED FIXED |
| Severity | normal |
| Priority | P2 |
| Version | 2.29 |
| Target Milestone | --- |
| Host | |
| Target | |
| Build | |
| Last reconfirmed | |
| Reporter | Alexandre Adamski <aadamski> |
| Assignee | Not yet assigned to anyone <unassigned> |
| CC | nickc |
| Attachments | testcase, report |

Description
Alexandre Adamski
2017-06-13 21:23:53 UTC
Created attachment 10124: testcase

Created attachment 10125: report

Additional Information:

The command used was `objdump -D <file>`.

The compilation flags used were `-g -O2 -fno-omit-frame-pointer -fsanitize=address -fno-sanitize-recover=undefined`.

The configuration settings used were `--enable-targets=all --disable-shared`.

The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c53d2e6d744da000aaafe0237bced090aab62818

commit c53d2e6d744da000aaafe0237bced090aab62818
Author: Nick Clifton <nickc@redhat.com>
Date: Wed Jun 14 11:27:15 2017 +0100

Fix potential address violations when processing a corrupt Alpha VMA binary.

PR binutils/21589
* vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the maximum value for the ascic pointer. Check that name processing does not read beyond this value.
(_bfd_vms_slurp_etir): Add checks for attempts to read beyond the end of etir record.

Hi Aadamski,

Thanks for reporting this bug. There were several places in the VMS parsing code where potential address violations could happen. I have checked in a patch which I hope will address them all.

Cheers
Nick
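The kind of check the commit message describes (passing an end-of-record pointer and refusing any read that would cross it), as an added example that is not the binutils code or part of the original report. The record layout (a counted name of one length byte plus characters, followed by a 64-bit little-endian value) and the names `get_le64_checked` and `parse_record` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read 8 little-endian bytes at p, but only if they all lie before end. */
static int get_le64_checked(const unsigned char *p, const unsigned char *end,
                            uint64_t *out)
{
    uint64_t v = 0;
    if (p > end || (size_t)(end - p) < 8)
        return -1;                      /* would read past the record */
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    *out = v;
    return 0;
}

/* Hypothetical record: counted name (1 length byte + chars), then a
   64-bit little-endian value.  Returns 0 on success, -1 if corrupt. */
static int parse_record(const unsigned char *rec, size_t rec_len,
                        char *name, size_t name_cap, uint64_t *value)
{
    const unsigned char *p = rec, *end = rec + rec_len;
    size_t len;
    if (rec_len < 1)
        return -1;
    len = *p++;
    if (len > (size_t)(end - p) || len >= name_cap)
        return -1;                      /* name runs past end or buffer */
    memcpy(name, p, len);
    name[len] = '\0';
    return get_le64_checked(p + len, end, value);
}

/* Constructed sample: name "foo", value 0x1122334455667788. */
static const unsigned char sample[] = {
    3, 'f', 'o', 'o', 0x88, 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11
};

int main(void)
{
    char name[16];
    uint64_t v = 0;
    int ok = parse_record(sample, sizeof sample, name, sizeof name, &v);
    int cut = parse_record(sample, sizeof sample - 1, name, sizeof name, &v);
    printf("full=%d truncated=%d name=%s\n", ok, cut, name);
    return 0;
}
```

The truncated call drops the last byte of the record, so the 64-bit read is rejected instead of touching memory beyond the buffer.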