Fix heap-buffer address violation when reading version data from a corrupt binary.

PR binutils/21437 * readelf.c (process_version_sections): Check for underflow when computing the start address of the auxillary version data.
2017-04-28 11:21:53 +01:00 · 2017-04-28 11:21:53 +01:00 · 4e3afec278
parent d949ff5607
commit 4e3afec278
2 changed files with 9 additions and 2 deletions
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@ -1,3 +1,9 @@
+2017-04-28  Nick Clifton  <nickc@redhat.com>
+
+	PR binutils/21437
+	* readelf.c (process_version_sections): Check for underflow when
+	computing the start address of the auxillary version data.
+
 2017-04-28  Nick Clifton  <nickc@redhat.com>

 	PR binutils/21438
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@ -10178,8 +10178,9 @@ process_version_sections (FILE * file)
 		printf (_("  Index: %d  Cnt: %d  "),
 			ent.vd_ndx, ent.vd_cnt);

-		/* Check for overflow.  */
-		if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart))
+		/* Check for overflow and underflow.  */
+		if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart)
+		    || (vstart + ent.vd_aux < vstart))
 		  break;

 		vstart += ent.vd_aux;