blob: 46ec0b15a36aa9013ba009f73c31d114b0afade0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Wed, 19 Oct 2022 15:09:12 +0100
Subject: [PATCH] Fix an illegal memory access when parsing an ELF file
containing corrupt symbol version information.
PR 29699
* elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field
of the section header is zero.
Upstream-Status: Backport
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]
Signed-off-by: Pgowda <pgowda.cve@gmail.com>
---
bfd/ChangeLog | 6 ++++++
bfd/elf.c | 4 +++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/bfd/elf.c b/bfd/elf.c
index fe00e0f9189..7cd7febcf95 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
bfd_set_error (bfd_error_file_too_big);
goto error_return_verref;
}
- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
+ if (amt == 0)
+ goto error_return_verref;
+ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
if (elf_tdata (abfd)->verref == NULL)
goto error_return_verref;
--
2.31.1
|
