Summary: | Integer overflow in coff_get_normalized_symtab | ||
---|---|---|---|
Product: | binutils | Reporter: | Mingi Cho <mgcho.minic> |
Component: | binutils | Assignee: | Not yet assigned to anyone <unassigned> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | nickc |
Priority: | P2 | ||
Version: | 2.30 | ||
Target Milestone: | --- | ||
Host: | Target: | ||
Build: | Last reconfirmed: | ||
Attachments: | poc of the crash |
Description
Mingi Cho
2017-11-02 06:00:49 UTC
The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca

commit 6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca
Author: Nick Clifton <nickc@redhat.com>
Date: Fri Nov 3 11:55:21 2017 +0000

    Fix excessive memory allocation attempts and possible integer overflows when attempting to read a COFF binary with a corrupt symbol count.

    PR 22385
    * coffgen.c (_bfd_coff_get_external_symbols): Check for an overlarge raw syment count.
    (coff_get_normalized_symtab): Likewise.

Hi Mingi,

Thanks for another bug report and patch! I have applied the patch, but I also decided that a second check, in _bfd_coff_get_external_symbols, was also a good idea, so I have added that as well.

Cheers
Nick
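An added illustration of the kind of check the commit message describes, bounding an untrusted symbol count against the file before sizing an allocation. It is not the binutils patch or code from this report; the function names, the 18-byte entry size and all sample values are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not binutils code): accept a symbol count read from an
   untrusted COFF header only if the whole table fits inside the file.
   On success stores the table size in *out_bytes and returns true. */
bool symtab_size_ok(uint64_t count, uint64_t entry_size,
                    uint64_t symtab_offset, uint64_t file_size,
                    uint64_t *out_bytes)
{
    if (entry_size == 0 || symtab_offset > file_size)
        return false;

    /* Bytes that can physically hold symbol entries. */
    uint64_t avail = file_size - symtab_offset;

    /* Compare by division so the check itself cannot overflow; this rejects
       both wrapped products and counts larger than the file can back. */
    if (count > avail / entry_size)
        return false;

    *out_bytes = count * entry_size;   /* safe: bounded by avail */
    return true;
}

/* The failure mode being guarded against: a 32-bit product that wraps and
   yields a tiny size for a huge count. */
uint32_t naive_size32(uint32_t count, uint32_t entry_size)
{
    return count * entry_size;
}

int main(void)
{
    /* Constructed sample values: 18-byte entries, 4096-byte file,
       symbol table at offset 0x200. */
    const uint32_t corrupt = 0x0E38E38Fu;   /* constructed corrupt count */
    uint64_t bytes = 0;

    printf("naive 32-bit size for corrupt count: %u\n",
           (unsigned) naive_size32(corrupt, 18));
    printf("corrupt count accepted: %d\n",
           symtab_size_ok(corrupt, 18, 0x200, 4096, &bytes));
    if (symtab_size_ok(10, 18, 0x200, 4096, &bytes))
        printf("10 symbols accepted, table is %llu bytes\n",
               (unsigned long long) bytes);
    return 0;
}
```

Comparing the count against the bytes remaining in the file handles both problems named in the commit message with one test: a count that would wrap the size computation and a count that would merely request far more memory than the file could ever fill.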