Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 1 | From ab419ddbb2cdd17ca83618990f2cacf904ce1d61 Mon Sep 17 00:00:00 2001 |
| 2 | From: Alan Modra <amodra@gmail.com> |
| 3 | Date: Tue, 23 Oct 2018 18:29:24 +1030 |
| 4 | Subject: [PATCH] PR23804, buffer overflow in sec_merge_hash_lookup |
| 5 | |
| 6 | PR 23804 |
| 7 | * merge.c (_bfd_add_merge_section): Don't attempt to merge |
| 8 | sections where size is not a multiple of entsize. |
| 9 | |
| 10 | Upstream-Status: Backport |
| 11 | CVE: CVE-2018-18605 |
| 12 | Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> |
| 13 | --- |
| 14 | bfd/ChangeLog | 6 ++++++ |
| 15 | bfd/merge.c | 3 +++ |
| 16 | 2 files changed, 9 insertions(+) |
| 17 | |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 18 | --- a/bfd/merge.c |
| 19 | +++ b/bfd/merge.c |
Brad Bishop | 977dc1a | 2019-02-06 16:01:43 -0500 | [diff] [blame] | 20 | @@ -376,6 +376,9 @@ _bfd_add_merge_section (bfd *abfd, void |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 21 | || sec->entsize == 0) |
| 22 | return TRUE; |
| 23 | |
| 24 | + if (sec->size % sec->entsize != 0) |
| 25 | + return TRUE; |
| 26 | + |
| 27 | if ((sec->flags & SEC_RELOC) != 0) |
| 28 | { |
| 29 | /* We aren't prepared to handle relocations in merged sections. */ |