From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001 From: Nick Clifton <nickc@redhat.com> Date: Mon, 5 Aug 2019 10:40:35 +0100 Subject: [PATCH] Catch potential integer overflow in readelf when processing corrupt binaries. PR 24829 * readelf.c (apply_relocations): Catch potential integer overflow whilst checking reloc location against section size. --- binutils/readelf.c | 2 +- diff --git a/binutils/readelf.c b/binutils/readelf.c index b896ad9..e785fde 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -13366,7 +13366,7 @@ apply_relocations (Filedata * filedata, } rloc = start + rp->r_offset; - if ((rloc + reloc_size) > end || (rloc < start)) + if (rloc >= end || (rloc + reloc_size) > end || (rloc < start)) { warn (_("skipping invalid relocation offset 0x%lx in section %s\n"), (unsigned long) rp->r_offset, -- 2.9.3