Imagelibrary/binutils-gdb
1
0
Fork 1
mirror of https://github.com/bminor/binutils-gdb.git synced 2025-12-27 01:28:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix memory access violations triggered by running strip on fuzzed binaries.

Browse Source 
PR binutils/17512
	* coffcode.h (coff_set_arch_mach_hook): Check return value from
	bfd_malloc.
	(coff_slurp_line_table): Return FALSE if the line number
	information was corrupt.
	(coff_slurp_symbol_table): Return FALSE if the symbol information
	was corrupt.
	* mach-o.c (bfd_mach_o_bfd_copy_private_header_data): Always
	initialise the fields of the dyld_info structure.
	(bfd_mach_o_build_exec_seg_command): Replace assertion with an
	error message and a return value.
	(bfd_mach_o_layout_commands): Change the function to boolean.
	Return FALSE if the function fails.
	(bfd_mach_o_build_commands): Fail if bfd_mach_o_layout_commands
	fails.
	(bfd_mach_o_read_command): Fail if an unrecognised command is
	encountered.
	* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Set bfd_error if the
	read fails.
	(slurp_symtab): Check the return from bfd_malloc.
	(_bfd_XX_bfd_copy_private_bfd_data_common): Fail if the copy
	encountered an error.
	(_bfd_XXi_final_link_postscript): Fail if a section could not be
	copied.
	* peicode.h (pe_bfd_object_p): Fail if the header could not be
	swapped in.
	* tekhex.c (first_phase): Fail if the section is too big.
	* versados.c (struct esdid): Add content_size field.
	(process_otr): Use and check the new field.
	(versados_get_section_contents): Check that the section exists and
	that the requested data is available.

	PR binutils/17512
	* addr2line.c (main): Call bfd_set_error_program_name.
	* ar.c (main): Likewise.
	* coffdump.c (main): Likewise.
	* cxxfilt.c (main): Likewise.
	* dlltool.c (main): Likewise.
	* nlmconv.c (main): Likewise.
	* nm.c (main): Likewise.
	* objdump.c (main): Likewise.
	* size.c (main): Likewise.
	* srconv.c (main): Likewise.
	* strings.c (main): Likewise.
	* sysdump.c (main): Likewise.
	* windmc.c (main): Likewise.
	* windres.c (main): Likewise.
	* objcopy.c (main): Likewise.
	(copy_relocations_in_section): Check for relocs without associated
	symbol pointers.
This commit is contained in:
Nick Clifton
2015-01-21 17:37:23 +00:00
parent ffbc46469f
commit 86eafac0aa
23 changed files with 185 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
binutils/objcopy.c
View File

@@ -2960,9 +2960,13 @@ copy_relocations_in_section (bfd *ibfd, sec_ptr isection, void *obfdarg)
temp_relpp = (arelent **) xmalloc (relsize);
for (i = 0; i < relcount; i++)
if (is_specified_symbol (bfd_asymbol_name (*relpp[i]->sym_ptr_ptr),
keep_specific_htab))
temp_relpp [temp_relcount++] = relpp [i];
{
/* PR 17512: file: 9e907e0c. */
if (relpp[i]->sym_ptr_ptr)
if (is_specified_symbol (bfd_asymbol_name (*relpp[i]->sym_ptr_ptr),
keep_specific_htab))
temp_relpp [temp_relcount++] = relpp [i];
}
relcount = temp_relcount;
free (relpp);
relpp = temp_relpp;
@@ -4411,6 +4415,9 @@ main (int argc, char *argv[])
create_symbol_htabs ();
if (argv != NULL)
bfd_set_error_program_name (argv[0]);
if (is_strip)
strip_main (argc, argv);
else