| From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001 |
| From: Nick Clifton <nickc@redhat.com> |
| Date: Mon, 5 Aug 2019 10:40:35 +0100 |
| Subject: [PATCH] Catch potential integer overflow in readelf when processing |
| corrupt binaries. |
| |
| PR 24829 |
| * readelf.c (apply_relocations): Catch potential integer overflow |
| whilst checking reloc location against section size. |
| |
| CVE: CVE-2019-14444 |
| Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7] |
| [Removed Changelog entry] |
| Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> |
| --- |
| diff --git a/binutils/readelf.c b/binutils/readelf.c |
| index b896ad9f406..e785fde43e7 100644 |
| --- a/binutils/readelf.c |
| +++ b/binutils/readelf.c |
| @@ -13366,7 +13366,7 @@ apply_relocations (Filedata * filedata, |
| } |
| |
| rloc = start + rp->r_offset; |
| - if ((rloc + reloc_size) > end || (rloc < start)) |
| + if (rloc >= end || (rloc + reloc_size) > end || (rloc < start)) |
| { |
| warn (_("skipping invalid relocation offset 0x%lx in section %s\n"), |
| (unsigned long) rp->r_offset, |