* [binutils-gdb] Fix illegal memory access implementing relocs in a fuzzed x86_64 object file.
@ 2023-06-19 11:09 Nick Clifton
0 siblings, 0 replies; only message in thread
From: Nick Clifton @ 2023-06-19 11:09 UTC (permalink / raw)
To: bfd-cvs
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=74d39f70cd9090ba1cdc406421480bb50a864cd2
commit 74d39f70cd9090ba1cdc406421480bb50a864cd2
Author: Nick Clifton <nickc@redhat.com>
Date: Mon Jun 19 12:09:11 2023 +0100
Fix illegal memory access implementing relocs in a fuzzed x86_64 object file.
PR 30560
* elf64-x86-64.c (elf_x86_64_relocate_section): Add more checks for a valid relocation offset.
Diff:
---
bfd/ChangeLog | 6 ++++++
bfd/elf64-x86-64.c | 15 +++++++++++++++
2 files changed, 21 insertions(+)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 1f9b7ec14ba..4fed6e16874 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2023-06-19 Nick Clifton <nickc@redhat.com>
+
+ PR 30560
+ * elf64-x86-64.c (elf_x86_64_relocate_section): Add more checks
+ for a valid relocation offset.
+
2023-06-07 Nick Clifton <nickc@redhat.com>
PR 30499
diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index dd987ee011b..f926464d812 100644
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -3501,6 +3501,9 @@ elf_x86_64_relocate_section (bfd *output_bfd,
{
bfd_vma roff = rel->r_offset;
+ if (roff >= input_section->size)
+ goto corrupt_input;
+
BFD_ASSERT (! unresolved_reloc);
if (r_type == R_X86_64_TLSGD)
@@ -3541,6 +3544,8 @@ elf_x86_64_relocate_section (bfd *output_bfd,
int largepic = 0;
if (ABI_64_P (output_bfd))
{
+ if (roff + 5 >= input_section->size)
+ goto corrupt_input;
if (contents[roff + 5] == 0xb8)
{
if (roff < 3
@@ -3576,6 +3581,10 @@ elf_x86_64_relocate_section (bfd *output_bfd,
"\x64\x8b\x04\x25\0\0\0\0\x48\x8d\x80\0\0\0",
15);
}
+
+ if (roff + 8 + largepic >= input_section->size)
+ goto corrupt_input;
+
bfd_put_32 (output_bfd,
elf_x86_64_tpoff (info, relocation),
contents + roff + 8 + largepic);
@@ -3633,12 +3642,18 @@ elf_x86_64_relocate_section (bfd *output_bfd,
}
if (prefix)
{
+ if (roff + 2 >= input_section->size)
+ goto corrupt_input;
+
bfd_put_8 (output_bfd, 0x0f, contents + roff);
bfd_put_8 (output_bfd, 0x1f, contents + roff + 1);
bfd_put_8 (output_bfd, 0x00, contents + roff + 2);
}
else
{
+ if (roff + 1 >= input_section->size)
+ goto corrupt_input;
+
bfd_put_8 (output_bfd, 0x66, contents + roff);
bfd_put_8 (output_bfd, 0x90, contents + roff + 1);
}
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-06-19 11:09 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-06-19 11:09 [binutils-gdb] Fix illegal memory access implementing relocs in a fuzzed x86_64 object file Nick Clifton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).