| From ab419ddbb2cdd17ca83618990f2cacf904ce1d61 Mon Sep 17 00:00:00 2001 |
| From: Alan Modra <amodra@gmail.com> |
| Date: Tue, 23 Oct 2018 18:29:24 +1030 |
| Subject: [PATCH] PR23804, buffer overflow in sec_merge_hash_lookup |
| |
| PR 23804 |
| * merge.c (_bfd_add_merge_section): Don't attempt to merge |
| sections where size is not a multiple of entsize. |
| |
| Upstream-Status: Backport |
| CVE: CVE-2018-18605 |
| Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> |
| --- |
| bfd/ChangeLog | 6 ++++++ |
| bfd/merge.c | 3 +++ |
| 2 files changed, 9 insertions(+) |
| |
| --- a/bfd/merge.c |
| +++ b/bfd/merge.c |
| @@ -376,6 +376,9 @@ _bfd_add_merge_section (bfd *abfd, void |
| || sec->entsize == 0) |
| return TRUE; |
| |
| + if (sec->size % sec->entsize != 0) |
| + return TRUE; |
| + |
| if ((sec->flags & SEC_RELOC) != 0) |
| { |
| /* We aren't prepared to handle relocations in merged sections. */ |