Summary: | Integer overflow in process_version_sections (readelf.c) | ||
---|---|---|---|
Product: | binutils | Reporter: | Mạnh <Imdb95> |
Component: | binutils | Assignee: | Alan Modra <amodra> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | amodra |
Priority: | P2 | ||
Version: | 2.29 | ||
Target Milestone: | --- | ||
Host: | Target: | ||
Build: | Last reconfirmed: | 2017-08-23 00:00:00 | |
Attachments: | Crafted elf file used to trigger the bug |
Description
Mạnh
2017-08-22 14:27:20 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=452bf675ea772002aa86fb1d28f3474da70ee1de commit 452bf675ea772002aa86fb1d28f3474da70ee1de Author: Alan Modra <amodra@gmail.com> Date: Wed Aug 23 15:42:12 2017 +0930 PR21990, Integer overflow in process_version_sections This tidies some of the overflow checking when processing verneed and verdef sections. PR 21990 * readelf.c (process_version_sections <SHT_GNU_verneed>): Check for invalid vn_next field before adding to idx. Use unsigned long for index vars. Move index checks. <SHT_GNU_verdef>: Likewise for vd_next. Fixed The binutils-2_29-branch branch has been updated by Nick Clifton <nickc@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=64aa1246572306b72dc479b46d13ff749b0c3236 commit 64aa1246572306b72dc479b46d13ff749b0c3236 Author: Nick Clifton <nickc@redhat.com> Date: Tue Sep 5 15:32:04 2017 +0100 Import patches from mainline to fix minor binutils bugs: PR 21861 * winduni.c (codepages): Use cp1252 for codepage 0. PR 21813 * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty string whilst concatenating symbol names. PR 21909 * prdbg.c (pr_int_type): Increase size of local string buffer. (pr_float_type): Likewise. (pr_bool_type): Likewise. PR 21820 * readelf.c (dump_section_as_strings): Do not fail if the section was empty. (dump_section_as_bytes): Likewise. PR 21990 * readelf.c (process_version_sections <SHT_GNU_verneed>): Check for invalid vn_next field before adding to idx. Use unsigned long for index vars. Move index checks. <SHT_GNU_verdef>: Likewise for vd_next. PR 21994 * readelf.c (process_version_sections <SHT_GNU_verdef>): Check vd_aux and vda_next for sanity. Delete "end". Correct overflow checks. (process_version_sections <SHT_GNU_verneed>): Correct overflow check. Don't report invalid vna_next on overflow. Do report invalid vna_next on size less than aux info. |