https://sourceware.org/bugzilla/show_bug.cgi?id=22307
--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by Alan Modra <amo...@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163 commit cf54ebff3b7361989712fd9c0128a9b255578163 Author: Alan Modra <amo...@gmail.com> Date: Tue Oct 17 21:57:29 2017 +1030 PR22307, Heap out of bounds read in _bfd_elf_parse_gnu_properties When adding an unbounded increment to a pointer, you can't just check against the end of the buffer but also must check that overflow doesn't result in "negative" pointer movement. Pointer comparisons are signed. Better, check the increment against the space left using an unsigned comparison. PR 22307 * elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz against size left rather than comparing pointers. Reorganise loop. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
