Fix an illegal memory access when copying a PE format file with corrupt debug information.
PR 23110 * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for a negative PE_DEBUG_DATA size before iterating over the debug data.
This commit is contained in:
parent
0a8ddac418
commit
aa4a8c2a2a
|
@ -1,3 +1,9 @@
|
|||
2018-04-24 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR 23110
|
||||
* peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for
|
||||
a negative PE_DEBUG_DATA size before iterating over the debug data.
|
||||
|
||||
2018-04-23 Alan Modra <amodra@gmail.com>
|
||||
|
||||
* elf-linux-core.h: Revert last change.
|
||||
|
|
|
@ -2993,6 +2993,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common (bfd * ibfd, bfd * obfd)
|
|||
(uint64_t) (section->size - (addr - section->vma)));
|
||||
return FALSE;
|
||||
}
|
||||
/* PR 23110. */
|
||||
else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0)
|
||||
{
|
||||
/* xgettext:c-format */
|
||||
_bfd_error_handler
|
||||
(_("%pB: Data Directory size (%#lx) is negative"),
|
||||
obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size
|
||||
/ sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++)
|
||||
|
|
6085
bfd/po/bfd.pot
6085
bfd/po/bfd.pot
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue