Fix an illegal memory access parsing a corrupt sysroff file.

PR 28564 * sysdump.c (getCHARS): Check for an out of bounds read.
4 years ago · d8ed269e5c
2 changed files with 11 additions and 0 deletions
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@ -1,3 +1,8 @@
+2021-11-24  Nick Clifton  <nickc@redhat.com>
+
+	PR 28564
+	* sysdump.c (getCHARS): Check for an out of bounds read.
+
 2021-11-16  Fangrui Song  <maskray@google.com>

 	* readelf.c (enum relocation_type): New.
--- a/binutils/sysdump.c
+++ b/binutils/sysdump.c
@ -60,6 +60,12 @@ getCHARS (unsigned char *ptr, int *idx, int size, int max)
      (*idx) += 8;
    }

+  if (oc + b > size)
+    {
+      /* PR 28564  */
+      return _("*corrupt*");
+    }
+
  *idx += b * 8;
  r = xcalloc (b + 1, 1);
  memcpy (r, ptr + oc, b);