mirrors/binutils-gdb
1
0
Fork 0
mirror of https://sourceware.org/git/binutils-gdb.git synced 2024-11-24 02:24:46 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

PR23685, buffer overflow

Browse Source 
PR 23685
	* peXXigen.c (pe_print_edata): Correct export address table
	overflow checks.  Check dataoff against section size too.
This commit is contained in:
Alan Modra 2018-09-20 18:23:17 +09:30
parent 4206c05ea1
commit cf93e9c2cf
2 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bfd/ChangeLog
View File

@ -1,3 +1,9 @@
2018-09-20 Alan Modra <amodra@gmail.com>
PR 23685
* peXXigen.c (pe_print_edata): Correct export address table
overflow checks. Check dataoff against section size too.
2018-09-20 Alan Modra <amodra@gmail.com>
PR 23686

11
bfd/peXXigen.c
View File

@ -1661,7 +1661,8 @@ pe_print_edata (bfd * abfd, void * vfile)
dataoff = addr - section->vma;
datasize = extra->DataDirectory[PE_EXPORT_TABLE].Size;
if (datasize > section->size - dataoff)
if (dataoff > section->size
|| datasize > section->size - dataoff)
{
fprintf (file,
_("\nThere is an export table in %s, but it does not fit into that section\n"),
@ -1778,11 +1779,11 @@ pe_print_edata (bfd * abfd, void * vfile)
edt.base);
/* PR 17512: Handle corrupt PE binaries. */
if (edt.eat_addr + (edt.num_functions * 4) - adj >= datasize
/* PR 17512 file: 140-165018-0.004. */
if (edt.eat_addr - adj >= datasize
/* PR 17512: file: 092b1829 */
|| (edt.num_functions * 4) < edt.num_functions
/* PR 17512 file: 140-165018-0.004. */
|| data + edt.eat_addr - adj < data)
|| (edt.num_functions + 1) * 4 < edt.num_functions
|| edt.eat_addr - adj + (edt.num_functions + 1) * 4 > datasize)
fprintf (file, _("\tInvalid Export Address Table rva (0x%lx) or entry count (0x%lx)\n"),
(long) edt.eat_addr,
(long) edt.num_functions);