[binutils-gdb] PR23147, Heap buffer overflow in pe_print_idata
Alan Modra
amodra@sourceware.org
Wed May 9 04:50:00 GMT 2018
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=53db9cf9fc363fd8ab3a9d97cdcb2ea1f639a243
commit 53db9cf9fc363fd8ab3a9d97cdcb2ea1f639a243
Author: Alan Modra <amodra@gmail.com>
Date: Wed May 9 13:56:34 2018 +0930
PR23147, Heap buffer overflow in pe_print_idata
PR 23147
* peXXigen.c (pe_print_idata): Bound check hint_addr.
Diff:
---
bfd/ChangeLog | 5 +++++
bfd/peXXigen.c | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index e478821..f158067 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2018-05-09 Alan Modra <amodra@gmail.com>
+
+ PR 23147
+ * peXXigen.c (pe_print_idata): Bound check hint_addr.
+
2018-05-08 Nick Clifton <nickc@redhat.com>
PR 22809
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index 5e0acc4..b32cc18 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -1438,7 +1438,7 @@ pe_print_idata (bfd * abfd, void * vfile)
if (hint_addr == 0)
hint_addr = first_thunk;
- if (hint_addr != 0)
+ if (hint_addr != 0 && hint_addr - adj < datasize)
{
bfd_byte *ft_data;
asection *ft_section;
More information about the Binutils-cvs
mailing list