[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/22307] Heap out of bounds read in _bfd_elf_parse_gnu_prope
From: |
cvs-commit at gcc dot gnu.org |
Subject: |
[Bug binutils/22307] Heap out of bounds read in _bfd_elf_parse_gnu_properties() |
Date: |
Tue, 17 Oct 2017 11:43:37 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=22307
--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot
gnu.org> ---
The master branch has been updated by Alan Modra <address@hidden>:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163
commit cf54ebff3b7361989712fd9c0128a9b255578163
Author: Alan Modra <address@hidden>
Date: Tue Oct 17 21:57:29 2017 +1030
PR22307, Heap out of bounds read in _bfd_elf_parse_gnu_properties
When adding an unbounded increment to a pointer, you can't just check
against the end of the buffer but also must check that overflow
doesn't result in "negative" pointer movement. Pointer comparisons
are signed. Better, check the increment against the space left using
an unsigned comparison.
PR 22307
* elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz
against size left rather than comparing pointers. Reorganise loop.
--
You are receiving this mail because:
You are on the CC list for the bug.