| Summary: | Integer overflow in pe_bfd_read_buildid() | | |
|---|---|---|---|
| Product: | binutils | Reporter: | Mingi Cho <mgcho.minic> |
| Component: | binutils | Assignee: | Not yet assigned to anyone <unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | nickc |
| Priority: | P2 | | |
| Version: | 2.30 | | |
| Target Milestone: | --- | | |
| Host: | | Target: | |
| Build: | | Last reconfirmed: | |
| Attachments: | POC of the crash | | |

Description
Mingi Cho
2017-10-31 05:01:26 UTC
The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b

commit 0bb6961f18b8e832d88b490d421ca56cea16c45b
Author: Nick Clifton <nickc@redhat.com>
Date: Tue Oct 31 14:29:40 2017 +0000

Fix illegal memory access triggered when parsing a PE binary with a corrupt data dictionary.

PR 22373
* peicode.h (pe_bfd_read_buildid): Check for invalid size and data offset values.

Hi Mingi,

Thank you for reporting this bug, and for providing a patch as well. I have checked in a variant of your patch, since it occurred to me that the dataoff value might also be excessively large, and this would not have been caught by either the original code or your patch.

Cheers
Nick

The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e0115a844607b280449986e661f551dff49a9031

commit e0115a844607b280449986e661f551dff49a9031
Author: Nick Clifton <nickc@redhat.com>
Date: Wed Nov 1 12:37:33 2017 +0000

Update check for invalid values in pe_bfd_read_buildid function.

PR 22373
* peicode.h (pe_bfd_read_buildid): Revise check for invalid size and offset in light of further possible bogus values.
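
The point raised in the comment above about an excessively large dataoff, as an added example that is not the binutils code: a check that adds two untrusted 32-bit header fields can wrap whether the bogus value is the size or the offset, while checking the offset and then the remaining space cannot. The function names, `ENTRY_SIZE` and the sample header values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration; names are hypothetical, not taken from peicode.h. */
#define ENTRY_SIZE 28u /* size of one IMAGE_DEBUG_DIRECTORY entry in a PE file */

/* Naive check: the 32-bit sum wraps, so a huge size OR a huge offset
   yields a small "end" value and the range is wrongly accepted. */
static int range_ok_naive(uint32_t dataoff, uint32_t size, uint32_t section_size)
{
    return (uint32_t)(dataoff + size) <= section_size;
}

/* Hardened check: validate the offset first, then compare the size with
   the space that remains. No addition of untrusted values, so no wrap. */
static int range_ok_checked(uint32_t dataoff, uint32_t size, uint32_t section_size)
{
    if (dataoff > section_size)
        return 0;
    return size <= section_size - dataoff;
}

/* Number of whole entries a reader may walk, or -1 if the range is bogus. */
static long entries_in_range(uint32_t dataoff, uint32_t size, uint32_t section_size)
{
    if (!range_ok_checked(dataoff, size, section_size))
        return -1;
    return (long)(size / ENTRY_SIZE);
}

int main(void)
{
    /* Constructed header values for a 0x1000-byte section. */
    static const struct { const char *what; uint32_t off, size; } cases[] = {
        { "valid, two entries", 0x100u,      56u },
        { "size too large",     0x100u,      0xFFFFFF80u },
        { "offset too large",   0xFFFFFFF0u, 0x20u },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-20s naive=%d checked=%d entries=%ld\n", cases[i].what,
               range_ok_naive(cases[i].off, cases[i].size, 0x1000u),
               range_ok_checked(cases[i].off, cases[i].size, 0x1000u),
               entries_in_range(cases[i].off, cases[i].size, 0x1000u));
    return 0;
}
```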