binutils/binutils-CVE-2018-7568.patch

40 lines
1.1 KiB
Diff

--- binutils.orig/bfd/dwarf1.c 2018-07-11 11:45:09.482030157 +0100
+++ binutils-2.29/bfd/dwarf1.c 2018-07-11 11:48:19.564980423 +0100
@@ -208,6 +208,7 @@ parse_die (bfd * abfd,
/* Then the attributes. */
while (xptr < (this_die + aDieInfo->length))
{
+ unsigned int block_len;
unsigned short attr;
/* Parse the attribute based on its form. This section
@@ -243,10 +244,26 @@ parse_die (bfd * abfd,
xptr += 4;
break;
case FORM_BLOCK2:
- xptr += 2 + bfd_get_16 (abfd, (bfd_byte *) xptr);
+ if (xptr + 2 <= aDiePtrEnd)
+ {
+ block_len = bfd_get_16 (abfd, xptr);
+ if (xptr + block_len > aDiePtrEnd
+ || xptr + block_len < xptr)
+ return FALSE;
+ xptr += block_len;
+ }
+ xptr += 2;
break;
case FORM_BLOCK4:
- xptr += 4 + bfd_get_32 (abfd, (bfd_byte *) xptr);
+ if (xptr + 4 <= aDiePtrEnd)
+ {
+ block_len = bfd_get_32 (abfd, xptr);
+ if (xptr + block_len > aDiePtrEnd
+ || xptr + block_len < xptr)
+ return FALSE;
+ xptr += block_len;
+ }
+ xptr += 4;
break;
case FORM_STRING:
if (attr == AT_name)