Fix runtime seg-fault in readelf when parsing a corrupt MIPS binary.
PR binutils/21344 * readelf.c (process_mips_specific): Check for an out of range GOT entry before reading the module pointer.
parent
f32ba72991
commit
75ec1fdbb7
|
@ -1,3 +1,9 @@
|
||||||
|
2017-04-03 Nick Clifton <nickc@redhat.com>
|
||||||
|
|
||||||
|
PR binutils/21344
|
||||||
|
* readelf.c (process_mips_specific): Check for an out of range GOT
|
||||||
|
entry before reading the module pointer.
|
||||||
|
|
||||||
2017-04-03 Nick Clifton <nickc@redhat.com>
|
2017-04-03 Nick Clifton <nickc@redhat.com>
|
||||||
|
|
||||||
PR binutils/21343
|
PR binutils/21343
|
||||||
|
|
|
@ -15464,15 +15464,25 @@ process_mips_specific (FILE * file)
|
||||||
printf (_(" Lazy resolver\n"));
|
printf (_(" Lazy resolver\n"));
|
||||||
if (ent == (bfd_vma) -1)
|
if (ent == (bfd_vma) -1)
|
||||||
goto got_print_fail;
|
goto got_print_fail;
|
||||||
if (data
|
|
||||||
&& (byte_get (data + ent - pltgot, addr_size)
|
if (data)
|
||||||
>> (addr_size * 8 - 1)) != 0)
|
{
|
||||||
|
/* PR 21344 */
|
||||||
|
if (data + ent - pltgot > data_end - addr_size)
|
||||||
|
{
|
||||||
|
error (_("Invalid got entry - %#lx - overflows GOT table\n"), ent);
|
||||||
|
goto got_print_fail;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (byte_get (data + ent - pltgot, addr_size)
|
||||||
|
>> (addr_size * 8 - 1) != 0)
|
||||||
{
|
{
|
||||||
ent = print_mips_got_entry (data, pltgot, ent, data_end);
|
ent = print_mips_got_entry (data, pltgot, ent, data_end);
|
||||||
printf (_(" Module pointer (GNU extension)\n"));
|
printf (_(" Module pointer (GNU extension)\n"));
|
||||||
if (ent == (bfd_vma) -1)
|
if (ent == (bfd_vma) -1)
|
||||||
goto got_print_fail;
|
goto got_print_fail;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
printf ("\n");
|
printf ("\n");
|
||||||
|
|
||||||
if (ent < local_end)
|
if (ent < local_end)
|
||||||
|
|
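Review bot: The new PR 21344 range check compares pointers rather than offsets: `data + ent - pltgot` is formed from `ent` before `ent` is known to lie inside the buffer, so for a very large or wrapped `ent` the addition is itself out-of-bounds pointer arithmetic (undefined behaviour) and the comparison with `data_end - addr_size` may fail to reject it; nothing visible in the hunk rejects `ent < pltgot` either. Comparing offsets avoids this, e.g. `if (ent < pltgot || (bfd_vma) (data_end - data) < addr_size || ent - pltgot > (bfd_vma) (data_end - data) - addr_size)`. Separately, `ent` appears to be a `bfd_vma` (it is compared with `(bfd_vma) -1`), so passing it to `%#lx` in the `error` call is a format mismatch on hosts where `bfd_vma` is wider than `long`; an explicit cast such as `(unsigned long) ent` would make the argument match the specifier. The body of `process_mips_specific` starts and ends outside the hunk, so the types of `data`, `data_end` and `addr_size` should be confirmed there.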