[Bug binutils/22307] Heap out of bounds read in _bfd_elf_parse_gnu_properties()
https://sourceware.org/bugzilla/show_bug.cgi?id=22307

Alan Modra changed:

           What    |Removed                          |Added
             Status|UNCONFIRMED                      |ASSIGNED
   Last reconfirmed|                                 |2017-10-17
           Assignee|unassigned at sourceware dot org |amodra at gmail dot com
     Ever confirmed|0                                |1

--
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug binutils/22307] Heap out of bounds read in _bfd_elf_parse_gnu_properties()
https://sourceware.org/bugzilla/show_bug.cgi?id=22307

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163

commit cf54ebff3b7361989712fd9c0128a9b255578163
Author: Alan Modra
Date:   Tue Oct 17 21:57:29 2017 +1030

    PR22307, Heap out of bounds read in _bfd_elf_parse_gnu_properties

    When adding an unbounded increment to a pointer, you can't just check
    against the end of the buffer but also must check that overflow
    doesn't result in "negative" pointer movement. Pointer comparisons
    are signed. Better, check the increment against the space left using
    an unsigned comparison.

        PR 22307
        * elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz
        against size left rather than comparing pointers. Reorganise loop.
[Bug binutils/22307] Heap out of bounds read in _bfd_elf_parse_gnu_properties()
https://sourceware.org/bugzilla/show_bug.cgi?id=22307

Alan Modra changed:

           What    |Removed  |Added
             Status|ASSIGNED |RESOLVED
         Resolution|---      |FIXED
   Target Milestone|---      |2.30

--- Comment #2 from Alan Modra ---
Fixed
[Bug binutils/22303] readelf - Heap out of bounds read in byte_get_little_endian()
https://sourceware.org/bugzilla/show_bug.cgi?id=22303

Alan Modra changed:

           What    |Removed                          |Added
             Status|UNCONFIRMED                      |ASSIGNED
   Last reconfirmed|                                 |2017-10-18
           Assignee|unassigned at sourceware dot org |amodra at gmail dot com
     Ever confirmed|0                                |1
[Bug binutils/22303] readelf - Heap out of bounds read in byte_get_little_endian()
https://sourceware.org/bugzilla/show_bug.cgi?id=22303

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Alan Modra:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5396a86e439653fb5cd714b955708250777a32e5

commit 5396a86e439653fb5cd714b955708250777a32e5
Author: Alan Modra
Date:   Wed Oct 18 12:05:39 2017 +1030

    PR22303, print_core_note out of bounds read

    The print_core_note change here fixes the PR, the rest is making
    readelf a little more bombproof against maliciously crafted binaries.

        PR 22303
        * readelf.c (print_core_note): Ensure "count" sanity check
        calculation doesn't overflow.
        (process_notes_at): Perform note namesz and descsz checks
        using unsigned comparisons against data remaining. Catch
        alignment overflow of namesz and descsz too. Don't allocate a
        temp for terminating "name" when there is space available before
        descdata.
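
The bounds-check pattern named in the two commit messages above (compare an untrusted length, unsigned, against the bytes remaining, and catch alignment overflow), as an added example that is not binutils code. The record layout, `count_records`, `rd32le` and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_SIZE 8u  /* assumed layout: 4-byte type, 4-byte datasz, then data */

static uint32_t rd32le(const unsigned char *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Count records of (type, datasz, datasz bytes padded to align).
   Returns -1 if any length field does not fit in the bytes remaining. */
int count_records(const unsigned char *buf, size_t size, size_t align)
{
    size_t off = 0;
    int n = 0;

    if (align == 0)
        return -1;
    while (size - off >= HDR_SIZE) {
        uint32_t datasz = rd32le(buf + off + 4);
        off += HDR_SIZE;
        size_t left = size - off;          /* off <= size, cannot wrap */
        /* Fragile form: if (ptr + datasz > end) reject;  A huge datasz can
           wrap the addition so the sum compares below end and passes.
           Instead compare the untrusted length to the space left. */
        if (datasz > left)
            return -1;

        /* Rounding datasz up to align can wrap as well, so compare the
           padding to what remains after the data rather than adding. */
        size_t pad = (align - datasz % align) % align;
        if (pad > left - datasz)
            return -1;
        off += datasz + pad;               /* shown to be <= size above */
        n++;
    }
    return size == off ? n : -1;           /* reject a trailing partial header */
}

/* Constructed sample inputs, not taken from the bug reports. */
static const unsigned char good[] = { 1,0,0,0, 3,0,0,0, 'a','b','c',0,
                                      2,0,0,0, 4,0,0,0, 'd','e','f','g' };
static const unsigned char huge[] = { 1,0,0,0, 0xf0,0xff,0xff,0xff, 'a','b','c','d' };

int main(void)
{
    return count_records(good, sizeof good, 4) == 2
        && count_records(huge, sizeof huge, 4) == -1 ? 0 : 1;
}
```
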
[Bug binutils/22303] print_core_note out of bounds read
https://sourceware.org/bugzilla/show_bug.cgi?id=22303

Alan Modra changed:

           What    |Removed                     |Added
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED
   Target Milestone|---                         |2.30
            Summary|readelf - Heap out of       |print_core_note out of
                   |bounds read in              |bounds read
                   |byte_get_little_endian()    |

--- Comment #2 from Alan Modra ---
Fixed