OpenE2K
/
binutils-gdb
12
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

PR23946, illegal memory access in readelf.c:slurp_ia64_unwind_table 

PR 23946
	* readelf.c (slurp_ia64_unwind_table): Bounds check symbol index
	on reloc.
	(slurp_hppa_unwind_table): Likewise.
This commit is contained in:
Alan Modra 2018-12-01 21:52:37 +10:30
parent 726bd37d6c
commit 4770fb94ee
2 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
binutils/ChangeLog
View File

@ -1,3 +1,10 @@
2018-12-01 Alan Modra <amodra@gmail.com>
PR 23946
* readelf.c (slurp_ia64_unwind_table): Bounds check symbol index
on reloc.
(slurp_hppa_unwind_table): Likewise.
2018-12-01 Alan Modra <amodra@gmail.com>
PR 23945

22
binutils/readelf.c
View File

@ -7597,9 +7597,9 @@ slurp_ia64_unwind_table (Filedata * filedata,
for (rp = rela; rp < rela + nrelas; ++rp)
{
unsigned int sym_ndx;
unsigned int r_type = get_reloc_type (filedata, rp->r_info);
relname = elf_ia64_reloc_type (r_type);
sym = aux->symtab + get_reloc_symindex (rp->r_info);
/* PR 17531: file: 9fa67536. */
if (relname == NULL)
@ -7623,6 +7623,15 @@ slurp_ia64_unwind_table (Filedata * filedata,
continue;
}
sym_ndx = get_reloc_symindex (rp->r_info);
if (sym_ndx >= aux->nsyms)
{
warn (_("Skipping reloc with invalid symbol index: %u\n"),
sym_ndx);
continue;
}
sym = aux->symtab + sym_ndx;
switch (rp->r_offset / eh_addr_size % 3)
{
case 0:
@ -8053,9 +8062,9 @@ slurp_hppa_unwind_table (Filedata * filedata,
for (rp = rela; rp < rela + nrelas; ++rp)
{
unsigned int sym_ndx;
unsigned int r_type = get_reloc_type (filedata, rp->r_info);
relname = elf_hppa_reloc_type (r_type);
sym = aux->symtab + get_reloc_symindex (rp->r_info);
if (relname == NULL)
{
@ -8077,6 +8086,15 @@ slurp_hppa_unwind_table (Filedata * filedata,
continue;
}
sym_ndx = get_reloc_symindex (rp->r_info);
if (sym_ndx >= aux->nsyms)
{
warn (_("Skipping reloc with invalid symbol index: %u\n"),
sym_ndx);
continue;
}
sym = aux->symtab + sym_ndx;
switch ((rp->r_offset % unw_ent_size) / 4)
{
case 0: