PR24435, buffer overflow reading dynamic entries

Message ID 20190411112619.GK14424@bubble.grove.modra.org
State New
Headers show
Series
  • PR24435, buffer overflow reading dynamic entries
Related show

Commit Message

Alan Modra April 11, 2019, 11:26 a.m.
PR 24435
	* elflink.c (elf_link_add_object_symbols): Don't read partial
	dynamic entries from fuzzed objects.


-- 
Alan Modra
Australia Development Lab, IBM

Patch

diff --git a/bfd/elflink.c b/bfd/elflink.c
index c796e27a14..8aae9808a1 100644
--- a/bfd/elflink.c
+++ b/bfd/elflink.c
@@ -4076,7 +4076,7 @@  error_free_dyn:
 	  shlink = elf_elfsections (abfd)[elfsec]->sh_link;
 
 	  for (extdyn = dynbuf;
-	       extdyn < dynbuf + s->size;
+	       extdyn <= dynbuf + s->size - bed->s->sizeof_dyn;
 	       extdyn += bed->s->sizeof_dyn)
 	    {
 	      Elf_Internal_Dyn dyn;