Prevent a potential illegal memory access in readelf when parsing a note with a zero name size.

PR 24131
	* readelf.c (process_notes_at): Prevent an illegal memory access
	when the note's namesize is zero.
	(decode_tic6x_unwind_bytecode): Add code to handle the case where
	no registers are specified in a frame pop instruction.
This commit is contained in:
Nick Clifton 2019-01-25 13:16:06 +00:00
parent 9ed1348c20
commit 183445093e
2 changed files with 28 additions and 13 deletions

View File

@ -1,3 +1,11 @@
2019-01-25 Nick Clifton <nickc@redhat.com>
PR 24131
* readelf.c (process_notes_at): Prevent an illegal memory access
when the note's namesize is zero.
(decode_tic6x_unwind_bytecode): Add code to handle the case where
no registers are specified in a frame pop instruction.
2019-01-25 Nick Clifton <nickc@redhat.com>
* po/bg.po: Updated Bulgarian translation.

View File

@ -8852,6 +8852,12 @@ decode_tic6x_unwind_bytecode (Filedata * filedata,
}
printf (_("pop frame {"));
if (nregs == 0)
{
printf (_("*corrupt* - no registers specified"));
}
else
{
reg = nregs - 1;
for (i = i * 2; i > 0; i--)
{
@ -8868,6 +8874,7 @@ decode_tic6x_unwind_bytecode (Filedata * filedata,
if (i > 1)
printf (", ");
}
}
printf ("}");
}
@ -18741,7 +18748,7 @@ process_notes_at (Filedata * filedata,
one version of Linux (RedHat 6.0) generates corefiles that don't
comply with the ELF spec by failing to include the null byte in
namesz. */
if (inote.namedata[inote.namesz - 1] != '\0')
if (inote.namesz > 0 && inote.namedata[inote.namesz - 1] != '\0')
{
if ((size_t) (inote.descdata - inote.namedata) == inote.namesz)
{