Catch potential integer overflow in readelf when processing corrupt binaries.

author Nick Clifton <nickc@redhat.com>

Mon, 5 Aug 2019 09:40:35 +0000 (10:40 +0100)

committer Nick Clifton <nickc@redhat.com>

Mon, 5 Aug 2019 09:40:35 +0000 (10:40 +0100)
author Nick Clifton <nickc@redhat.com>
Mon, 5 Aug 2019 09:40:35 +0000 (10:40 +0100)
committer Nick Clifton <nickc@redhat.com>
Mon, 5 Aug 2019 09:40:35 +0000 (10:40 +0100)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog

index f3dc48c85df90b1cf3356e7af1c5aa7587852253..22a7828d9c94f59ac5c5c0b83afab6e3587e9b56 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2019-08-05  Nick Clifton  <nickc@redhat.com>
+
+       PR 24829
+       * readelf.c (apply_relocations): Catch potential integer overflow
+       whilst checking reloc location against section size.
+
  2019-08-02  Alan Modra  <amodra@gmail.com>
  
         PR 24871
diff --git a/binutils/readelf.c b/binutils/readelf.c

index b896ad9f40689ffa840d50d636cba8a942ed1baa..e785fde43e7c0de796dd77e1e689826370a3e4c6 100644 (file)
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -13366,7 +13366,7 @@ apply_relocations (Filedata *                 filedata,
             }
  
           rloc = start + rp->r_offset;
-         if ((rloc + reloc_size) > end || (rloc < start))
+         if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
             {
               warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
                     (unsigned long) rp->r_offset,
author	Nick Clifton <nickc@redhat.com>
	Mon, 5 Aug 2019 09:40:35 +0000 (10:40 +0100)
committer	Nick Clifton <nickc@redhat.com>
	Mon, 5 Aug 2019 09:40:35 +0000 (10:40 +0100)
binutils/ChangeLog		patch \| blob \| blame \| history
binutils/readelf.c		patch \| blob \| blame \| history