Fix potential illegal memroy access when using a build-id note with a negative size.

PR 23316 * opncls.c (get_build_id): Check for a negative or excessive data size in the build-id note.
author: Nick Clifton <nickc@redhat.com> 2018-06-20 16:30:05 +0100
committer: Nick Clifton <nickc@redhat.com> 2018-06-20 16:30:05 +0100
commit: 6077de0645ce12a9c4e99f8839a846b42a535b0a (patch)
tree: 475cbc867cc962b2f7f4b4f055d220acc7e86994 /bfd/opncls.c
parent: 1d554008b3747c6ccaa8e3a08cc797cfade242f3 (diff)
download: binutils-gdb-6077de0645ce12a9c4e99f8839a846b42a535b0a.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/bfd/opncls.c b/bfd/opncls.c
index 16b568c8ab2..e27504545cf 100644
--- a/bfd/opncls.c
+++ b/bfd/opncls.c
@@ -1877,10 +1877,11 @@ get_build_id (bfd *abfd)
   inote.descdata = inote.namedata + BFD_ALIGN (inote.namesz, 4);
   /* FIXME: Should we check for extra notes in this section ?  */
 
-  if (inote.descsz == 0
+  if (inote.descsz <= 0
       || inote.type != NT_GNU_BUILD_ID
       || inote.namesz != 4 /* sizeof "GNU"  */
       || strncmp (inote.namedata, "GNU", 4) != 0
+      || inote.descsz > 0x7ffffffe
       || size < (12 + BFD_ALIGN (inote.namesz, 4) + inote.descsz))
     {
       free (contents);
author	Nick Clifton <nickc@redhat.com>	2018-06-20 16:30:05 +0100
committer	Nick Clifton <nickc@redhat.com>	2018-06-20 16:30:05 +0100
commit	6077de0645ce12a9c4e99f8839a846b42a535b0a (patch)
tree	475cbc867cc962b2f7f4b4f055d220acc7e86994 /bfd/opncls.c
parent	1d554008b3747c6ccaa8e3a08cc797cfade242f3 (diff)
download	binutils-gdb-6077de0645ce12a9c4e99f8839a846b42a535b0a.tar.gz