bfd_elf_parse_attr_section_v1 buffer overflow

This function has a misleading parameter "contents", which usually
means the entire section contents are passed.  However in this case a
pointer to the section contents plus one is passed, so the end of the
buffer is miscalculated.

	* elf-attrs.c (bfd_elf_parse_attr_section_v1): Delete hdr and
	contents param.  Add p and p_end as params.
	(_bfd_elf_parse_attributes): Adjust to suit.
Alan Modra
2025-03-08 19:49:06 +10:30
parent 1563d43f32
commit 684f3e906c


@@ -490,12 +490,8 @@ _bfd_elf_obj_attrs_arg_type (bfd *abfd, int vendor, unsigned int tag)
}
static void
bfd_elf_parse_attr_section_v1 (bfd *abfd,
Elf_Internal_Shdr * hdr,
bfd_byte *contents)
bfd_elf_parse_attr_section_v1 (bfd *abfd, bfd_byte *p, bfd_byte *p_end)
{
bfd_byte *p = contents;
bfd_byte *p_end = p + hdr->sh_size;
const char *std_sec = get_elf_backend_data (abfd)->obj_attrs_vendor;
while (p_end - p >= 4)
@@ -651,9 +647,9 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
++cursor;
bfd_elf_parse_attr_section_v1 (abfd, hdr, cursor);
bfd_elf_parse_attr_section_v1 (abfd, cursor, data + hdr->sh_size);
free_data:
free_data:
free (data);
}
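Review bot: The new signature of bfd_elf_parse_attr_section_v1 in the first hunk has no comment saying what `p` and `p_end` delimit, and an unstated contract is what made the old `contents` parameter easy to misuse. I would add above the definition `/* Parse version 1 attribute data in [P, P_END).  P_END must point one past the last valid byte of the buffer P points into.  */`. At the call site in _bfd_elf_parse_attributes the end is computed as `data + hdr->sh_size`, which is only right if `data` was read with exactly `sh_size` bytes. That allocation and any zero-size check before `++cursor` are outside the visible hunk, so they should be confirmed there. Both function bodies continue beyond the hunks shown.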