1From 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001 2From: Nick Clifton <nickc@redhat.com> 3Date: Wed, 19 Oct 2022 15:09:12 +0100 4Subject: [PATCH] Fix an illegal memory access when parsing an ELF file 5 containing corrupt symbol version information. 6 7 PR 29699 8 * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field 9 of the section header is zero. 10 11Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70] 12CVE: CVE-2022-4285 13 14Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> 15--- 16 bfd/ChangeLog | 6 ++++++ 17 bfd/elf.c | 4 +++- 18 2 files changed, 9 insertions(+), 1 deletion(-) 19 20diff --git a/bfd/elf.c b/bfd/elf.c 21index fe00e0f9189..7cd7febcf95 100644 22--- a/bfd/elf.c 23+++ b/bfd/elf.c 24@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) 25 bfd_set_error (bfd_error_file_too_big); 26 goto error_return_verref; 27 } 28- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); 29+ if (amt == 0) 30+ goto error_return_verref; 31+ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); 32 if (elf_tdata (abfd)->verref == NULL) 33 goto error_return_verref; 34 35-- 362.31.1 37 38