elfedit: segv with --enable-x86-feature

	PR 33024
	PR 33025
	* elfedit.c (update_gnu_property): Sanity check program headers.

diff --git a/binutils/elfedit.c b/binutils/elfedit.c
index 1178d8a2511f9ac31bfcd42ed60ff981182f7f71..43c319f3cf44179a4e9951c9f6ef00b875595c5c 100644 (file)
--- a/binutils/elfedit.c
+++ b/binutils/elfedit.c
@@ -105,7 +105,18 @@ update_gnu_property (const char *file_name, FILE *file)
   if (map == MAP_FAILED)
     {
       error (_("%s: mmap () failed\n"), file_name);
-      return 0;
+      return 1;
+    }
+
+  if ((elf_header.e_ident[EI_CLASS] == ELFCLASS32
+       ? sizeof (Elf32_External_Phdr)
+       : sizeof (Elf64_External_Phdr)) != elf_header.e_phentsize
+      || elf_header.e_phoff > (size_t) st_buf.st_size
+      || (elf_header.e_phnum * (size_t) elf_header.e_phentsize
+         > st_buf.st_size - elf_header.e_phoff))
+    {
+      error (_("%s: can't read program headers\n"), file_name);
+      return 1;
     }
 
   phdrs = xmalloc (elf_header.e_phnum * sizeof (*phdrs));