Summary: | size: Heap buffer overflow in _bfd_archive_64_bit_slurp_armap | ||
---|---|---|---|
Product: | binutils | Reporter: | spinpx <spinpx> |
Component: | binutils | Assignee: | Alan Modra <amodra> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | pereezdprofiss |
Priority: | P2 | ||
Version: | 2.33 | ||
Target Milestone: | 2.33 | ||
Host: | Target: | ||
Build: | Last reconfirmed: | 2019-02-19 00:00:00 | |
Attachments: | input triggers the bug |
Description
spinpx
2019-02-19 12:21:21 UTC
Created attachment 11618 [details]
input triggers the bug
The master branch has been updated by Alan Modra <amodra@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8abac8031ed369a2734b1cdb7df28a39a54b4b49 commit 8abac8031ed369a2734b1cdb7df28a39a54b4b49 Author: Alan Modra <amodra@gmail.com> Date: Wed Feb 20 08:21:24 2019 +1030 PR24236, Heap buffer overflow in _bfd_archive_64_bit_slurp_armap PR 24236 * archive64.c (_bfd_archive_64_bit_slurp_armap): Move code adding sentinel NUL to string buffer nearer to loop where it is used. Don't go past sentinel when scanning strings, and don't write NUL again. * archive.c (do_slurp_coff_armap): Simplify string handling to archive64.c style. Fixed CVE-2019-9075 )) |