summaryrefslogtreecommitdiff
path: root/system/binutils/CVE-2019-9074.patch
blob: 74b6c204013940ce23702b8897987f0af1d0bf20 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
From 179f2db0d9c397d7dd8a59907b84208b79f7f48c Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Tue, 19 Feb 2019 22:48:44 +1030
Subject: [PATCH] PR24235, Read memory violation in pei-x86_64.c

	PR 24235
	* pei-x86_64.c (pex64_bfd_print_pdata_section): Correct checks
	attempting to prevent read past end of section.
---
 bfd/pei-x86_64.c | 9 ++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/bfd/pei-x86_64.c b/bfd/pei-x86_64.c
index ff1093c..7e75104 100644
--- a/bfd/pei-x86_64.c
+++ b/bfd/pei-x86_64.c
@@ -541,7 +541,7 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section)
   /* virt_size might be zero for objects.  */
   if (stop == 0 && strcmp (abfd->xvec->name, "pe-x86-64") == 0)
     {
-      stop = (datasize / onaline) * onaline;
+      stop = datasize;
       virt_size_is_zero = TRUE;
     }
   else if (datasize < stop)
@@ -551,8 +551,8 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section)
 		 _("Warning: %s section size (%ld) is smaller than virtual size (%ld)\n"),
 		 pdata_section->name, (unsigned long) datasize,
 		 (unsigned long) stop);
-	/* Be sure not to read passed datasize.  */
-	stop = datasize / onaline;
+	/* Be sure not to read past datasize.  */
+	stop = datasize;
       }
 
   /* Display functions table.  */
@@ -724,8 +724,7 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section)
 	      altent += imagebase;
 
 	      if (altent >= pdata_vma
-		  && (altent + PDATA_ROW_SIZE <= pdata_vma
-		      + pei_section_data (abfd, pdata_section)->virt_size))
+		  && altent - pdata_vma + PDATA_ROW_SIZE <= stop)
 		{
 		  pex64_get_runtime_function
 		    (abfd, &arf, &pdata[altent - pdata_vma]);
-- 
2.9.3