Fix potential illegal memory access when using a build-id note with a negative size.

PR 23316
	* opncls.c (get_build_id): Check for a negative or excessive data
	size in the build-id note.
Nick Clifton 2018-06-20 16:30:05 +01:00
parent 1d554008b3
commit 6077de0645
2 changed files with 8 additions and 1 deletions

@ -10,6 +10,12 @@
BFD_RELOC_AARCH64_TLSLE_LDST64_TPREL_LO12_NC,
BFD_RELOC_AARCH64_TLSLE_LDST8_TPREL_LO12_NC.
2018-06-20 Nick Clifton <nickc@redhat.com>
PR 23316
* opncls.c (get_build_id): Check for a negative or excessive data
size in the build-id note.
2018-06-20 Nick Clifton <nickc@redhat.com>
PR 23299

@ -1877,10 +1877,11 @@ get_build_id (bfd *abfd)
inote.descdata = inote.namedata + BFD_ALIGN (inote.namesz, 4);
/* FIXME: Should we check for extra notes in this section ? */
if (inote.descsz == 0
if (inote.descsz <= 0
|| inote.type != NT_GNU_BUILD_ID
|| inote.namesz != 4 /* sizeof "GNU" */
|| strncmp (inote.namedata, "GNU", 4) != 0
|| inote.descsz > 0x7ffffffe
|| size < (12 + BFD_ALIGN (inote.namesz, 4) + inote.descsz))
{
free (contents);
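
Review bot: the upper bound in `|| inote.descsz > 0x7ffffffe` is a bare magic number with no comment saying why that value was chosen. A short comment or a named constant would make the intent checkable, for example stating that it keeps the `12 + BFD_ALIGN (inote.namesz, 4) + inote.descsz` sum on the following line from wrapping, if that is the reason. Separately, changing `== 0` to `<= 0` only rejects additional values if `inote.descsz` has a signed type, and the declaration is not visible in this hunk. If the field is unsigned, the `> 0x7ffffffe` test is the only check that catches a "negative" size, and the comment should say so.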