summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'binutils')
-rw-r--r--binutils/ChangeLog6
-rw-r--r--binutils/dwarf.c13
2 files changed, 18 insertions, 1 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 1b63c7d0184..5219cb129e9 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2018-04-17 Nick Clifton <nickc@redhat.com>
+
+ PR 23064
+ * dwarf.c (process_cu_tu_index): Test for a potential buffer
+ overrun before copying signature pointer.
+
2018-04-17 Alan Modra <amodra@gmail.com>
* readelf.c: Revert 2018-04-16 and 2018-04-11 changes.
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 10b4e284ce3..f94f5b2fe69 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -9287,7 +9287,18 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
}
if (!do_display)
- memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t));
+ {
+ size_t num_copy = sizeof (uint64_t);
+
+ /* PR 23064: Beware of buffer overflow. */
+ if (ph + num_copy < limit)
+ memcpy (&this_set[row - 1].signature, ph, num_copy);
+ else
+ {
+ warn (_("Signature (%p) extends beyond end of space in section\n"), ph);
+ return 0;
+ }
+ }
prow = poffsets + (row - 1) * ncols * 4;
/* PR 17531: file: b8ce60a8. */