From: Alan Modra <amodra@gmail.com>
Date: Wed, 28 May 2025 12:59:45 +0000 (+0930)
Subject: elfedit: segv with --enable-x86-feature
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f2172071e6b6f20a0401b68a70655930e40f6455;p=thirdparty%2Fbinutils-gdb.git

elfedit: segv with --enable-x86-feature

	PR 33024
	PR 33025
	* elfedit.c (update_gnu_property): Sanity check program headers.
---

diff --git a/binutils/elfedit.c b/binutils/elfedit.c
index 1178d8a2511..43c319f3cf4 100644
--- a/binutils/elfedit.c
+++ b/binutils/elfedit.c
@@ -105,7 +105,18 @@ update_gnu_property (const char *file_name, FILE *file)
   if (map == MAP_FAILED)
     {
       error (_("%s: mmap () failed\n"), file_name);
-      return 0;
+      return 1;
+    }
+
+  if ((elf_header.e_ident[EI_CLASS] == ELFCLASS32
+       ? sizeof (Elf32_External_Phdr)
+       : sizeof (Elf64_External_Phdr)) != elf_header.e_phentsize
+      || elf_header.e_phoff > (size_t) st_buf.st_size
+      || (elf_header.e_phnum * (size_t) elf_header.e_phentsize
+	  > st_buf.st_size - elf_header.e_phoff))
+    {
+      error (_("%s: can't read program headers\n"), file_name);
+      return 1;
     }
 
   phdrs = xmalloc (elf_header.e_phnum * sizeof (*phdrs));