Fix an invalid memory access triggered by running readelf on a fuzzed binary.

author Nick Clifton <nickc@redhat.com>

Fri, 6 Feb 2015 12:59:25 +0000 (12:59 +0000)

committer Nick Clifton <nickc@redhat.com>

Fri, 6 Feb 2015 13:03:08 +0000 (13:03 +0000)
author Nick Clifton <nickc@redhat.com>
Fri, 6 Feb 2015 12:59:25 +0000 (12:59 +0000)
committer Nick Clifton <nickc@redhat.com>
Fri, 6 Feb 2015 13:03:08 +0000 (13:03 +0000)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog

index 9e682c1a90e00868b19dc31c1eb3314e7538bbb4..803bfa89b8438bab9234e1718d1a1b6eb4d10163 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -8,6 +8,8 @@
         * dwarf.c (xcmalloc): Fail if the arguments are too big.
         (xcrealloc): Likewise.
         (xcalloc2): Likewise.
+       * readelf.c (process_mips_specific): Fail if an option has an
+       invalid size.
  
  2015-02-05  Alan Modra  <amodra@gmail.com>
  
diff --git a/binutils/readelf.c b/binutils/readelf.c

index a0d6f327896df359fbb3bc1303472e2a31bc16a1..00bcb1d4bc29730e591d7d6d58d1332423ba5e97 100644 (file)
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -13880,9 +13880,8 @@ process_mips_specific (FILE * file)
               if (option->size < sizeof (* eopt)
                   || offset + option->size > sect->sh_size)
                 {
-                 warn (_("Invalid size (%u) for MIPS option\n"), option->size);
-                 option->size = sizeof (* eopt);
-                 break;
+                 error (_("Invalid size (%u) for MIPS option\n"), option->size);
+                 return 0;
                 }
               offset += option->size;
author	Nick Clifton <nickc@redhat.com>
	Fri, 6 Feb 2015 12:59:25 +0000 (12:59 +0000)
committer	Nick Clifton <nickc@redhat.com>
	Fri, 6 Feb 2015 13:03:08 +0000 (13:03 +0000)
binutils/ChangeLog		patch \| blob \| blame \| history
binutils/readelf.c		patch \| blob \| blame \| history