Toolchain/binutils-gdb
1
0
Fork 0
forked from Imagelibrary/binutils-gdb
Code Pull Requests Activity

Fixes for memory access violations exposed by fuzzinf various binaries.

Browse Source 
PR binutils/17512
	* dwarf.c (get_encoded_value): Check for an encoded size of 0.
	(display_debug_lines_raw): Check for an invalid line range value.
	(display_debug_frames): Check for corrupt augmentation data.

	* coffgen.c (coff_get_normalized_symtab): Check for an excessive
	number of auxillary entries.
	* ieee.c (next_byte): Convert to a function.  Return FALSE if the
	next byte is beyond the end of the buffer.
	(parse_int): Test the return value of next_byte.
	(parse_expression): Convert to boolean.  Return FALSE if the
	parsing failed.  Test the return value of next_byte.
	(ieee_seek): Convert to a function.  Return FALSE if the seek goes
	beyond the end of the buffer.
	(ieee_slurp_external_symbols): Test the return value of ieee_seek
	and next_byte.
	(ieee_slurp_sections): Convert to boolean.  Return FALSE if the
	operation failed.  Test the return value of ieee_seek and
	next_byte.
	(ieee_archive_p): Test the return value of ieee_seek and
	next_byte.
	(do_one): Likewise.
	(ieee_slurp_section_data): Likewise.
	(ieee_object_p): Likewise.  Store the size of the buffer in the
	total_amt field in the header.
	* libieee.h (common_header_type): Add amt field.
	* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Check that the
	reloc's value is within range.
	(bfd_mach_o_read_symtab_symbols): Nullify the symbols field if the
	operation fails.
	* pei-x86_64.c (pex64_xdata_print_uwd_codes): Replace abort with
	an error message.
	(pex64_dump_xdata): Check for buffer overflows.
	* versados.c (process_otr): Check that the section exists before
	taking its size.
	(versados_object_p): Make sure that enough data was read for the
	header to be checked.
	* vms-alpha.c (vms_get_remaining_object_record): Change
	read_so_far parameter to an unsigned int.  Check that the amount
	read is in range.
This commit is contained in:
Nick Clifton
2014-11-21 21:44:04 +00:00
parent 5974eba65b
commit 0a9d414aa1
10 changed files with 334 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
bfd/coffgen.c
View File

@@ -1808,6 +1808,16 @@ coff_get_normalized_symtab (bfd *abfd)
symbol_ptr = internal_ptr;
internal_ptr->is_sym = TRUE;
/* PR 17512: file: 1353-1166-0.004. */
if (symbol_ptr->u.syment.n_sclass == C_FILE
&& symbol_ptr->u.syment.n_numaux > 0
&& raw_src + symesz + symbol_ptr->u.syment.n_numaux
* sizeof (union internal_auxent) >= raw_end)
{
bfd_release (abfd, internal);
return NULL;
}
for (i = 0;
i < symbol_ptr->u.syment.n_numaux;
i++)
@@ -1815,14 +1825,19 @@ coff_get_normalized_symtab (bfd *abfd)
internal_ptr++;
/* PR 17512: Prevent buffer overrun. */
if (internal_ptr >= internal_end)
return NULL;
{
bfd_release (abfd, internal);
return NULL;
}
raw_src += symesz;
bfd_coff_swap_aux_in (abfd, (void *) raw_src,
symbol_ptr->u.syment.n_type,
symbol_ptr->u.syment.n_sclass,
(int) i, symbol_ptr->u.syment.n_numaux,
&(internal_ptr->u.auxent));
internal_ptr->is_sym = FALSE;
coff_pointerize_aux (abfd, internal, symbol_ptr, i,
internal_ptr);