[patch bfd]: Prevent possible buffer overflow on pdata-section sorting

Kai Tietz ktietz70@googlemail.com
Thu Apr 7 05:55:00 GMT 2011


2011/4/7 Alan Modra <amodra@gmail.com>:
> On Wed, Apr 06, 2011 at 06:50:15PM +0200, Kai Tietz wrote:
>> Hello,
>>
>> this issue was reported by H. Becker to me.  He found that the code in
>> peXXigen.c about pdata-section sorting might cause a buffer-overrun
>> for large pdata-data.  Working in a privately allocated buffer -
>> instead of using the pfinfo->contents - avoids this.
>>
>> ChangeLog
>>
>> 2011-04-06  Kai Tietz
>>
>>         * peXXigen.c (_bfd_XXi_final_link_postscript): Sort pdata in temporary
>>         buffer.
>>
>> Tested for x86_64-w64-mingw32. Ok for apply?
>>
>> Regards,
>> Kai
>
>> Index: src/bfd/peXXigen.c
>> ===================================================================
>> --- src.orig/bfd/peXXigen.c   2010-12-21 19:33:07.000000000 +0100
>> +++ src/bfd/peXXigen.c        2011-04-06 18:19:45.945394800 +0200
>> @@ -2459,14 +2459,22 @@ _bfd_XXi_final_link_postscript (bfd * ab
>>      if (sec)
>>        {
>>       bfd_size_type x = sec->rawsize ? sec->rawsize : sec->size;
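
Review bot: The `bfd_size_type x = sec->rawsize ? sec->rawsize : sec->size;` line fixes the byte count that the pdata sort will run over, but nothing at this point says which of the two sizes the destination was allocated with. Add a comment here stating why rawsize is preferred when it is non-zero, and make sure the temporary buffer named in the ChangeLog is allocated for this same x, with the allocation result checked before sorting. The rest of the 14-to-22-line hunk is not quoted in this message, so those lines cannot be checked from here.
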
>
> Since this is an output section, this should just be sec->size I
> think.  See section.c rawsize comment.

Well, the cause for using here raw_size (I will look into section.c to
read the comment there) was that we need to sort without alignment. As
it is an output-section, its size might be padded already with
alignment fill, which shouldn't be sorted.  But you might be right
here that size is suitable.

Kai


