Imagelibrary/binutils-gdb
1
0
Fork 1
mirror of https://github.com/bminor/binutils-gdb.git synced 2025-12-27 09:38:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

More fixes for buffer overruns instigated by corrupt binaries.

Browse Source 
PR binutils/17512
	* objdump.c (slurp_symtab): Fail gracefully if the table could not
	be read.
	(dump_relocs_in_section): Likewise.

	* aoutx.h (slurp_symbol_table): Check that computed table size is
	not bigger than the file from which is it being read.
	(slurp_reloc_table): Likewise.
	* coffcode.h (coff_slurp_line_table): Remove unneeded local
	'warned'.  Do not try to print the details of a symbol with an
	invalid index.
	* coffgen.c (make_a_sectiobn_from_file): Check computed string
	index against length of string table.
	(bfd_coff_internal_syment_name): Check read in string offset
	against length of string table.
	(build_debug_section): Return a pointer to the section used.
	(_bfd_coff_read_string_table): Store the length of the string
	table in the coff_tdata structure.
	(bfd_coff_free_symbols): Set the length of the string table to
	zero when it is freed.
	(coff_get_normalized_symtab): Check offsets against string table
	or data table lengths as appropriate.
	* cofflink.c (_bfd_coff_link_input_bfd): Check offset against
	length of string table.
	* compress.c (bfd_get_full_section_contents): Check computed size
	against the size of the file.
	* libcoff-in.h (obj_coff_strings_len): Define.
	(struct coff_tdata): Add strings_len field.
	* libcoff.h: Regenerate.
	* peXXigen.c (pe_print_debugdata): Do not attempt to print the
	data if the debug section is too small.
	* xcofflink.c (xcoff_link_input_bfd):  Check offset against
	length of string table.
This commit is contained in:
Nick Clifton
2014-11-03 17:44:00 +00:00
parent ba241f2d5a
commit 5a3f568b70
12 changed files with 140 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
bfd/coffcode.h
View File

@@ -4546,21 +4546,18 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
if (cache_ptr->line_number == 0)
{
bfd_boolean warned;
bfd_signed_vma symndx;
coff_symbol_type *sym;
nbr_func++;
warned = FALSE;
symndx = dst.l_addr.l_symndx;
if (symndx < 0
|| (bfd_vma) symndx >= obj_raw_syment_count (abfd))
{
(*_bfd_error_handler)
(_("%B: warning: illegal symbol index %ld in line numbers"),
abfd, (long) symndx);
symndx = 0;
warned = TRUE;
(_("%B: warning: illegal symbol index 0x%lx in line number entry %d"),
abfd, (long) symndx, counter);
continue;
}
/* FIXME: We should not be casting between ints and
@@ -4569,7 +4566,7 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
((symndx + obj_raw_syments (abfd))
->u.syment._n._n_n._n_zeroes));
cache_ptr->u.sym = (asymbol *) sym;
if (sym->lineno != NULL && ! warned)
if (sym->lineno != NULL)
(*_bfd_error_handler)
(_("%B: warning: duplicate line number information for `%s'"),
abfd, bfd_asymbol_name (&sym->symbol));