mirror/binutils-gdb
2
0
Fork 0
mirror of https://sourceware.org/git/binutils-gdb.git synced 2025-02-17 13:10:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix out-of-bounds access in elf.c:find_link

Browse Source 
The out-of-bounds access is reproducible on 'ia64-strip' command
(see sample from https://bugs.gentoo.org/show_bug.cgi?id=622500)

The output file contains less section than original one.
This tricks 'hint' access to go out-of-bounds:

	* elf.c (find_link): Bounds check "hint".
This commit is contained in:
Sergei Trofimovich 2017-06-24 18:40:41 +01:00 committed by Alan Modra
parent b21351faa2
commit 5cc4ca837d
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bfd/ChangeLog
View File

@ -1,3 +1,7 @@
2017-06-25 Sergei Trofimovich <slyfox@gentoo.org>
* elf.c (find_link): Bounds check "hint".
2017-06-24 Thomas Preud'homme <thomas.preudhomme@arm.com>
* elf32-arm.c (using_thumb_only): Update list of architectures in

6
bfd/elf.c
View File

@ -1283,7 +1283,8 @@ section_match (const Elf_Internal_Shdr * a,
to be the correct section. */
static unsigned int
find_link (const bfd * obfd, const Elf_Internal_Shdr * iheader, const unsigned int hint)
find_link (const bfd *obfd, const Elf_Internal_Shdr *iheader,
const unsigned int hint)
{
Elf_Internal_Shdr ** oheaders = elf_elfsections (obfd);
unsigned int i;
@ -1291,7 +1292,8 @@ find_link (const bfd * obfd, const Elf_Internal_Shdr * iheader, const unsigned i
BFD_ASSERT (iheader != NULL);
/* See PR 20922 for a reproducer of the NULL test. */
if (oheaders[hint] != NULL
if (hint < elf_numsections (obfd)
&& oheaders[hint] != NULL
&& section_match (oheaders[hint], iheader))
return hint;