summaryrefslogtreecommitdiff
path: root/system/binutils/CVE-2019-9077.patch
blob: de044e3875d9f2a668aa3a230f1bc86616846dc8 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
From 7fc0c668f2aceb8582d74db1ad2528e2bba8a921 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Wed, 20 Feb 2019 17:03:47 +0000
Subject: [PATCH] Fix a illegal memory access fault when parsing a corrupt MIPS
 option section using readelf.

	PR 24243
	* readelf.c (process_mips_specific): Check for an options section
	that is too small to even contain a single option.
---
 binutils/readelf.c | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/binutils/readelf.c b/binutils/readelf.c
index 54d165e..20ebacc 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -16187,6 +16187,12 @@ process_mips_specific (Filedata * filedata)
 	  error (_("No MIPS_OPTIONS header found\n"));
 	  return FALSE;
 	}
+      /* PR 24243  */
+      if (sect->sh_size < sizeof (* eopt))
+	{
+	  error (_("The MIPS options section is too small.\n"));
+	  return FALSE;
+	}
 
       eopt = (Elf_External_Options *) get_data (NULL, filedata, options_offset, 1,
                                                 sect->sh_size, _("options"));
-- 
2.9.3