darkkirb/old-cross-binutils
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Correct readelf dynamic section buffer overlow test

Browse source 
PR binutils/18672
	* readelf.c (get_32bit_dynamic_section): Correct buffer limit test.
	(get_64bit_dynamic_section): Likewise.
This commit is contained in:
Alan Modra 2015-07-17 00:13:22 +09:30
parent 77a69ff840
commit 53c3012ccc
2 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
binutils/ChangeLog
View file

@ -1,3 +1,9 @@
2015-07-16 Alan Modra <amodra@gmail.com>
PR binutils/18672
* readelf.c (get_32bit_dynamic_section): Correct buffer limit test.
(get_64bit_dynamic_section): Likewise.
2015-07-14 H.J. Lu <hongjiu.lu@intel.com>
* objcopy.c (copy_file): Set BFD_COMPRESS_GABI if not

6
binutils/readelf.c
View file

@ -8683,7 +8683,7 @@ get_32bit_dynamic_section (FILE * file)
might not have the luxury of section headers. Look for the DT_NULL
terminator to determine the number of entries. */
for (ext = edyn, dynamic_nent = 0;
(char *) ext < (char *) edyn + dynamic_size - sizeof (* entry);
(char *) (ext + 1) <= (char *) edyn + dynamic_size;
ext++)
{
dynamic_nent++;
@ -8731,8 +8731,8 @@ get_64bit_dynamic_section (FILE * file)
might not have the luxury of section headers. Look for the DT_NULL
terminator to determine the number of entries. */
for (ext = edyn, dynamic_nent = 0;
/* PR 17533 file: 033-67080-0.004 - do not read off the end of the buffer. */
(char *) ext < ((char *) edyn) + dynamic_size - sizeof (* ext);
/* PR 17533 file: 033-67080-0.004 - do not read past end of buffer. */
(char *) (ext + 1) <= (char *) edyn + dynamic_size;
ext++)
{
dynamic_nent++;