1*4882a593SmuzhiyunFrom 5c831a3c7f3ca98d6aba1200353311e1a1f84c70 Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Nick Clifton <nickc@redhat.com> 3*4882a593SmuzhiyunDate: Wed, 19 Oct 2022 15:09:12 +0100 4*4882a593SmuzhiyunSubject: [PATCH] Fix an illegal memory access when parsing an ELF file 5*4882a593Smuzhiyun containing corrupt symbol version information. 6*4882a593Smuzhiyun 7*4882a593Smuzhiyun PR 29699 8*4882a593Smuzhiyun * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field 9*4882a593Smuzhiyun of the section header is zero. 10*4882a593Smuzhiyun 11*4882a593SmuzhiyunUpstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70] 12*4882a593SmuzhiyunCVE: CVE-2022-4285 13*4882a593Smuzhiyun 14*4882a593SmuzhiyunSigned-off-by: Yash Shinde <Yash.Shinde@windriver.com> 15*4882a593Smuzhiyun--- 16*4882a593Smuzhiyun bfd/ChangeLog | 6 ++++++ 17*4882a593Smuzhiyun bfd/elf.c | 4 +++- 18*4882a593Smuzhiyun 2 files changed, 9 insertions(+), 1 deletion(-) 19*4882a593Smuzhiyun 20*4882a593Smuzhiyundiff --git a/bfd/elf.c b/bfd/elf.c 21*4882a593Smuzhiyunindex fe00e0f9189..7cd7febcf95 100644 22*4882a593Smuzhiyun--- a/bfd/elf.c 23*4882a593Smuzhiyun+++ b/bfd/elf.c 24*4882a593Smuzhiyun@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) 25*4882a593Smuzhiyun bfd_set_error (bfd_error_file_too_big); 26*4882a593Smuzhiyun goto error_return_verref; 27*4882a593Smuzhiyun } 28*4882a593Smuzhiyun- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); 29*4882a593Smuzhiyun+ if (amt == 0) 30*4882a593Smuzhiyun+ goto error_return_verref; 31*4882a593Smuzhiyun+ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); 32*4882a593Smuzhiyun if (elf_tdata (abfd)->verref == NULL) 33*4882a593Smuzhiyun goto error_return_verref; 34*4882a593Smuzhiyun 35*4882a593Smuzhiyun-- 36*4882a593Smuzhiyun2.31.1 37*4882a593Smuzhiyun 38