PR28415: Xtensa stack-buffer-overflow in objdump at disassemble_bytes

Message ID 20211007154257.2417636-1-guillermo.e.martinez@oracle.com
State New

Commit Message

H.J. Lu via Binutils Oct. 7, 2021, 3:42 p.m.
Hello,

 This patch fixes the issue reported by Irfan Ariq,

    https://sourceware.org/bugzilla/show_bug.cgi?id=28415

 Please let me know your comments. Thanks in advance

 Kind Regards,
 Guillermo

  * elf32-xtensa.c (xtensa_read_table_entries): table_data variable is
    not taking care of the return value for retrieve_contents assuming
    valid bytes for section read, further used in bfd_get_32.
---
 bfd/elf32-xtensa.c | 7 +++++++
 1 file changed, 7 insertions(+)

-- 
2.33.0

Comments

H.J. Lu via Binutils Oct. 8, 2021, 7:50 p.m. | #1
Hi Guillermo,


On Thu, Oct 7, 2021 at 8:43 AM Guillermo E. Martinez
<guillermo.e.martinez@oracle.com> wrote:
>
>  Hello,
>
>  This patch fixes the issue reported by Irfan Ariq,
>
>     https://sourceware.org/bugzilla/show_bug.cgi?id=28415
>
>  Please let me know your comments. Thanks in advance
>
>  Kind Regards,
>  Guillermo
>
>   * elf32-xtensa.c (xtensa_read_table_entries): table_data variable is
>     not taking care of the return value for retrieve_contents assuming
>     valid bytes for section read, further used in bfd_get_32.
> ---
>  bfd/elf32-xtensa.c | 7 +++++++
>  1 file changed, 7 insertions(+)

Thanks for your patch. The change looks good to me.

-- 
Thanks.
-- Max
H.J. Lu via Binutils Oct. 9, 2021, 3:39 a.m. | #2
On Fri, Oct 08, 2021 at 12:50:58PM -0700, Max Filippov via Binutils wrote:
> On Thu, Oct 7, 2021 at 8:43 AM Guillermo E. Martinez
> <guillermo.e.martinez@oracle.com> wrote:
> >  This patch fixes the issue reported by Irfan Ariq,
> >
> >     https://sourceware.org/bugzilla/show_bug.cgi?id=28415

I've applied this for you, with a log entry that mentions both PRs so
that bugzilla automatically has a record of the fix.

-- 
Alan Modra
Australia Development Lab, IBM

Patch

diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c
index e5bfbb2f509..98039757c22 100644
--- a/bfd/elf32-xtensa.c
+++ b/bfd/elf32-xtensa.c
@@ -910,7 +910,14 @@  xtensa_read_table_entries (bfd *abfd,
     table_entry_size -= 4;
 
   num_records = table_size / table_entry_size;
+
   table_data = retrieve_contents (abfd, table_section, true);
+  if (table_data == 0)
+    {
+      *table_p = NULL;
+      return 0;
+    }
+
   blocks = (property_table_entry *)
     bfd_malloc (num_records * sizeof (property_table_entry));
   block_count = 0;
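
Review bot: The new check `if (table_data == 0)` compares a pointer against the literal 0 while the next statement assigns `NULL`; writing `if (table_data == NULL)` would keep the hunk consistent. The early exit also returns 0 with `*table_p = NULL`, which gives the caller no indication that the section read failed, so consider a distinct error return, or at least a one-line comment above the check saying that a failed `retrieve_contents` is deliberately reported as no entries. The blank line added before `table_data = retrieve_contents (...)` is a whitespace-only change and could be dropped from the fix.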