Created attachment 11419
malicious input that triggers the overflow
Integer-overflow bug in strip-new.
Description: There is an integer-overflow bug in binutils/bfd/elf.c:7036 IS_CONTAINED_BY_LMA(). There should be boundary checking for this function.
Configure names: host='x86_64-pc-linux-gnu' target='x86_64-pc-linux-gnu'. We also upload the config.status file in the attachment.
Options: strip-new ./integer_overflow_input -o sss
Input: file interger_overflow_input
The master branch has been updated by Nick Clifton <firstname.lastname@example.org>:
Author: Nick Clifton <email@example.com>
Date: Fri Nov 30 11:43:12 2018 +0000
Remove an abort in the bfd library and add a check for an integer overflow when mapping sections to segments.
* elf.c (IS_CONTAINED_BY_LMA): Add a check for a negative section
(rewrite_elf_program_header): If no sections are mapped into a
segment return an error.
Thanks for reporting this problem.
I have checked in a patch to resolve the issue. It adds a check for a
possible integer overflow, as you suggested, and it replaced a call to
abort with a more reasonable error return.
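
The class of bug discussed in this report, shown as an added example that is not part of the thread and is not the bfd macro or its patch: an address-range containment test whose end address wraps, next to a form that cannot wrap. The `struct range` type, both function names and all values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a section or segment address range;
   not a bfd structure. */
struct range { uint64_t start, size; };

/* Unchecked form: start + size is computed modulo 2^64, so a huge
   size wraps the end address back below the segment end. */
static bool contained_unchecked(struct range sec, struct range seg)
{
    return sec.start >= seg.start
        && sec.start + sec.size <= seg.start + seg.size;
}

/* Checked form: compare by subtraction, ordered so that neither
   difference can underflow and no sum is ever formed. */
static bool contained_checked(struct range sec, struct range seg)
{
    if (sec.start < seg.start)
        return false;
    uint64_t offset = sec.start - seg.start;
    if (offset > seg.size)
        return false;
    return sec.size <= seg.size - offset;
}

int main(void)
{
    /* Constructed sample values, not taken from the attachment. */
    struct range seg  = { 0x400000, 0x1000 };
    struct range good = { 0x400800, 0x100 };
    struct range huge = { 0x400800, 0xFFFFFFFFFFFFF000ULL };

    printf("good: unchecked=%d checked=%d\n",
           contained_unchecked(good, seg), contained_checked(good, seg));
    printf("huge: unchecked=%d checked=%d\n",
           contained_unchecked(huge, seg), contained_checked(huge, seg));
    return 0;
}
```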