rpms / binutils

Clone
Source Code
GIT

Blame SOURCES/binutils-rh1260158.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8-sig-altarch-armhfp c8s c9 c9-beta
  1.   4910d4899eb386109b182cef498498c6f5cc7e3f
  2.   SOURCES
  3.   binutils-rh1260158.patch
Blob History Raw
4910d4 
--- binutils-2.25.1.orig/binutils/readelf.c	2016-01-29 09:54:29.389813964 +0000
4910d4 
+++ binutils-2.25.1/binutils/readelf.c	2016-01-29 09:56:46.388746615 +0000
4910d4 
@@ -7220,7 +7220,10 @@ get_unwind_section_word (struct arm_unw_
4910d4 
     return FALSE;
4910d4
4910d4 
   /* If the offset is invalid then fail.  */
4910d4 
-  if (word_offset > sec->sh_size - 4)
4910d4 
+  if (word_offset > (sec->sh_size - 4)
4910d4 
+      /* PR 18879 */
4910d4 
+      || (sec->sh_size < 5 && word_offset >= sec->sh_size)
4910d4 
+      || ((bfd_signed_vma) word_offset) < 0)
4910d4 
     return FALSE;
4910d4
4910d4 
   /* Get the word at the required offset.  */
4910d4 
@@ -7990,6 +7993,15 @@ dump_arm_unwind (struct arm_unw_aux_info
4910d4 
 	    {
4910d4 
 	      table_sec = section_headers + entry_addr.section;
4910d4 
 	      table_offset = entry_addr.offset;
4910d4 
+	      /* PR 18879 */
4910d4 
+	      if (table_offset > table_sec->sh_size
4910d4 
+		  || ((bfd_signed_vma) table_offset) < 0)
4910d4 
+		{
4910d4 
+		  warn (_("Unwind entry contains corrupt offset (0x%lx) into section %s\n"),
4910d4 
+			(unsigned long) table_offset,
4910d4 
+			printable_section_name (table_sec));
4910d4 
+		  continue;
4910d4 
+		}
4910d4 
 	    }
4910d4 
 	  else
4910d4 
 	    {

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation