Fix potential illegal memroy access when using a build-id note with a negative size.
PR 23316 * opncls.c (get_build_id): Check for a negative or excessive data size in the build-id note.
This commit is contained in:
parent
1d554008b3
commit
6077de0645
@ -10,6 +10,12 @@
|
||||
BFD_RELOC_AARCH64_TLSLE_LDST64_TPREL_LO12_NC,
|
||||
BFD_RELOC_AARCH64_TLSLE_LDST8_TPREL_LO12_NC.
|
||||
|
||||
2018-06-20 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR 23316
|
||||
* opncls.c (get_build_id): Check for a negative or excessive data
|
||||
size in the build-id note.
|
||||
|
||||
2018-06-20 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR 23299
|
||||
|
@ -1877,10 +1877,11 @@ get_build_id (bfd *abfd)
|
||||
inote.descdata = inote.namedata + BFD_ALIGN (inote.namesz, 4);
|
||||
/* FIXME: Should we check for extra notes in this section ? */
|
||||
|
||||
if (inote.descsz == 0
|
||||
if (inote.descsz <= 0
|
||||
|| inote.type != NT_GNU_BUILD_ID
|
||||
|| inote.namesz != 4 /* sizeof "GNU" */
|
||||
|| strncmp (inote.namedata, "GNU", 4) != 0
|
||||
|| inote.descsz > 0x7ffffffe
|
||||
|| size < (12 + BFD_ALIGN (inote.namesz, 4) + inote.descsz))
|
||||
{
|
||||
free (contents);
|
||||
|
Loading…
Reference in New Issue
Block a user