Summary: | Heap-buffer-overflow problem in function Sec_merge_hash_lookup in merge.c, as demonstrated by "ld -E" | ||
---|---|---|---|
Product: | binutils | Reporter: | wcventure <wcventure> |
Component: | binutils | Assignee: | Alan Modra <amodra> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 2.31 | ||
Target Milestone: | 2.32 | ||
Host: | Target: | ||
Build: | Last reconfirmed: | 2018-10-23 00:00:00 | |
Attachments: |
POC1
POC2 |
Description
wcventure
2018-10-21 10:22:23 UTC
Created attachment 11356 [details]
POC2
Please use the "./ld -E $POC" to reproduce the bug.
This bug was discovered by NTU Cyber-Security-Lab. If you have any questions,
please let me know.
The master branch has been updated by Alan Modra <amodra@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61 commit ab419ddbb2cdd17ca83618990f2cacf904ce1d61 Author: Alan Modra <amodra@gmail.com> Date: Tue Oct 23 18:29:24 2018 +1030 PR23804, buffer overflow in sec_merge_hash_lookup PR 23804 * merge.c (_bfd_add_merge_section): Don't attempt to merge sections where size is not a multiple of entsize. Fixed |