[2/4] readelf: Catch potential integer overflow in readelf when processing corrupt binaries.

Message ID 20191103075743.25467-3-ceggers@gmx.de
State New
Series
  • readelf: Fixes for IN_RANGE

Commit Message

Christian Eggers Nov. 3, 2019, 7:57 a.m.
This extends Nick Clifton's patch from 2019-08-08 for PR 24829

  e17869d - Catch potential integer overflow in readelf when processing
corrupt binaries.

to all address checks using the IN_RANGE macro.

	* readelf.c (IN_RANGE): Catch potential integer overflow
	whilst checking reloc location against section size.

Signed-off-by: Christian Eggers <ceggers@gmx.de>

---
 binutils/ChangeLog | 2 ++
 binutils/readelf.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

--
2.16.4

Patch

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 16ed7ed5b0..f25e6365ba 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,6 +1,8 @@ 
 2019-11-03  Christian Eggers  <ceggers@gmx.de>

 	* readelf.c (IN_RANGE): Rename parameter OFF to SIZE.
+	* readelf.c (IN_RANGE): Catch potential integer overflow
+	whilst checking reloc location against section size.

 2019-10-20  Palmer Dabbelt  <palmer@sifive.com>

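Review bot: The added ChangeLog entry repeats the `* readelf.c (IN_RANGE):` header directly under the existing one for the same date and author; it would read better folded into that entry as a second sentence. The wording "whilst checking reloc location against section size" describes only the reloc case, while the commit message says the change applies to all address checks using IN_RANGE, and the entry does not mention PR 24829, which the commit message cites.
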
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 8addb3443e..1854e866d7 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -12310,7 +12310,7 @@  process_syminfo (Filedata * filedata ATTRIBUTE_UNUSED)
 }

 #define IN_RANGE(START,END,ADDR,SIZE)		\
-  (((ADDR) >= (START)) && ((ADDR) + (SIZE) < (END)))
+  (((ADDR) >= (START)) && ((ADDR) < (END)) && ((ADDR) + (SIZE) < (END)))

 /* Check to see if the given reloc needs to be handled in a target specific
    manner.  If so then process the reloc and return TRUE otherwise return
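
Review bot: The added `((ADDR) < (END))` term in IN_RANGE only rejects an ADDR that is already at or past END; the final test is still `((ADDR) + (SIZE) < (END))`, and that sum can wrap when SIZE is large. With unsigned operands the wrapped value is below ADDR and therefore below END, so the macro still returns true for such a pair. Writing the last term as a subtraction, `((SIZE) < (END) - (ADDR))`, cannot wrap once `(ADDR) < (END)` has been established and gives the same result for in-range values. The macro now also expands ADDR three times, so a comment above it stating that arguments must be free of side effects would help.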