PR24435, buffer overflow reading dynamic entries
Alan Modra
amodra@gmail.com
Thu Apr 11 11:26:00 GMT 2019
PR 24435
* elflink.c (elf_link_add_object_symbols): Don't read partial
dynamic entries from fuzzed objects.
diff --git a/bfd/elflink.c b/bfd/elflink.c
index c796e27a14..8aae9808a1 100644
--- a/bfd/elflink.c
+++ b/bfd/elflink.c
@@ -4076,7 +4076,7 @@ error_free_dyn:
shlink = elf_elfsections (abfd)[elfsec]->sh_link;
for (extdyn = dynbuf;
- extdyn < dynbuf + s->size;
+ extdyn <= dynbuf + s->size - bed->s->sizeof_dyn;
extdyn += bed->s->sizeof_dyn)
{
Elf_Internal_Dyn dyn;
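Review bot: the new loop bound `dynbuf + s->size - bed->s->sizeof_dyn` forms a pointer before the start of dynbuf whenever s->size is smaller than bed->s->sizeof_dyn, which is exactly the truncated-section case a fuzzed object produces. The comparison then relies on out-of-range pointer arithmetic behaving as a plain address subtraction. Comparing remaining bytes instead keeps every intermediate value inside the buffer, for example `(size_t) (dynbuf + s->size - extdyn) >= bed->s->sizeof_dyn` as the loop condition, or checking `s->size >= bed->s->sizeof_dyn` before entering the loop. A short comment on the condition saying that a trailing partial entry is deliberately skipped would also help, since the reason for the `- bed->s->sizeof_dyn` term is not obvious from the code alone.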
--
Alan Modra
Australia Development Lab, IBM