diff options
author | Nick Clifton <nickc@redhat.com> | 2018-04-24 16:31:27 +0100 |
---|---|---|
committer | Andreas K. Hüttel <dilfridge@gentoo.org> | 2018-12-04 23:51:08 +0100 |
commit | 727333802dae257b1d68c2baaefa583a15a92bf5 (patch) | |
tree | e957292676688426c9248726c557b0dcf01322e9 | |
parent | Fix an illegal memory access when trying to copy an ELF binary with corrupt s... (diff) | |
download | binutils-gdb-727333802dae257b1d68c2baaefa583a15a92bf5.tar.gz binutils-gdb-727333802dae257b1d68c2baaefa583a15a92bf5.tar.bz2 binutils-gdb-727333802dae257b1d68c2baaefa583a15a92bf5.zip |
Fix an illegal memory access when copying a PE format file with corrupt debug information.
PR 23110
* peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for
a negative PE_DEBUG_DATA size before iterating over the debug data.
(cherry picked from commit aa4a8c2a2a67545e90c877162c53cc9de42dc8b4)
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
-rw-r--r-- | bfd/peXXigen.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c index 679dabf4cf0..a60603b562d 100644 --- a/bfd/peXXigen.c +++ b/bfd/peXXigen.c @@ -2991,6 +2991,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common (bfd * ibfd, bfd * obfd) bfd_get_section_size (section) - (addr - section->vma)); return FALSE; } + /* PR 23110. */ + else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0) + { + /* xgettext:c-format */ + _bfd_error_handler + (_("%pB: Data Directory size (%#lx) is negative"), + obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size); + return FALSE; + } for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size / sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++) |