Fix potential illegal memory access when parsing a corrupt PEF format file.

PR 25307 (bfd_pef_parse_function_stubs): Correct the test that ensures that there is enough data remaining in the code buffer before attempting to read a function stub.
2020-01-03 16:17:53 +00:00 · 2020-01-03 16:17:53 +00:00 · f2a3559d54
parent 7a0fb7be96
commit f2a3559d54
2 changed files with 8 additions and 1 deletions
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@ -1,3 +1,10 @@
+2020-01-03  Nick Clifton  <nickc@redhat.com>
+
+	PR 25307
+	(bfd_pef_parse_function_stubs): Correct the test that ensures that
+	there is enough data remaining in the code buffer before
+	attempting to read a function stub.
+
 2020-01-03  Nick Clifton  <nickc@redhat.com>

 	PR 25308
--- a/bfd/pef.c
+++ b/bfd/pef.c
@ -806,7 +806,7 @@ bfd_pef_parse_function_stubs (bfd *abfd,
 	  codepos += 4;
 	}

-      if ((codepos + 4) > codelen)
+      if ((codepos + 24) > codelen)
 	break;

      ret = bfd_pef_parse_function_stub (abfd, codebuf + codepos, 24, &sym_index);