Fix memory access violations triggered by running strip on fuzzed binaries.
PR binutils/17512 * coffcode.h (coff_set_arch_mach_hook): Check return value from bfd_malloc. (coff_slurp_line_table): Return FALSE if the line number information was corrupt. (coff_slurp_symbol_table): Return FALSE if the symbol information was corrupt. * mach-o.c (bfd_mach_o_bfd_copy_private_header_data): Always initialise the fields of the dyld_info structure. (bfd_mach_o_build_exec_seg_command): Replace assertion with an error message and a return value. (bfd_mach_o_layout_commands): Change the function to boolean. Return FALSE if the function fails. (bfd_mach_o_build_commands): Fail if bfd_mach_o_layout_commands fails. (bfd_mach_o_read_command): Fail if an unrecognised command is encountered. * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Set bfd_error if the read fails. (slurp_symtab): Check the return from bfd_malloc. (_bfd_XX_bfd_copy_private_bfd_data_common): Fail if the copy encountered an error. (_bfd_XXi_final_link_postscript): Fail if a section could not be copied. * peicode.h (pe_bfd_object_p): Fail if the header could not be swapped in. * tekhex.c (first_phase): Fail if the section is too big. * versados.c (struct esdid): Add content_size field. (process_otr): Use and check the new field. (versados_get_section_contents): Check that the section exists and that the requested data is available. PR binutils/17512 * addr2line.c (main): Call bfd_set_error_program_name. * ar.c (main): Likewise. * coffdump.c (main): Likewise. * cxxfilt.c (main): Likewise. * dlltool.c (main): Likewise. * nlmconv.c (main): Likewise. * nm.c (main): Likewise. * objdump.c (main): Likewise. * size.c (main): Likewise. * srconv.c (main): Likewise. * strings.c (main): Likewise. * sysdump.c (main): Likewise. * windmc.c (main): Likewise. * windres.c (main): Likewise. * objcopy.c (main): Likewise. (copy_relocations_in_section): Check for relocs without associated symbol pointers.
@@ -2073,10 +2073,14 @@ coff_mkobject_hook (bfd * abfd,
|
||||
#endif
|
||||
|
||||
if ((internal_f->f_flags & F_GO32STUB) != 0)
|
||||
coff->go32stub = (char *) bfd_alloc (abfd, (bfd_size_type) GO32_STUBSIZE);
|
||||
{
|
||||
coff->go32stub = (char *) bfd_alloc (abfd, (bfd_size_type) GO32_STUBSIZE);
|
||||
if (coff->go32stub == NULL)
|
||||
return NULL;
|
||||
}
|
||||
if (coff->go32stub != NULL)
|
||||
memcpy (coff->go32stub, internal_f->go32stub, GO32_STUBSIZE);
|
||||
|
||||
|
||||
return coff;
|
||||
}
|
||||
#endif
|
||||
@@ -2278,6 +2282,8 @@ coff_set_arch_mach_hook (bfd *abfd, void * filehdr)
|
||||
bfd_size_type amt = bfd_coff_symesz (abfd);
|
||||
|
||||
buf = bfd_malloc (amt);
|
||||
if (buf == NULL)
|
||||
return FALSE;
|
||||
if (bfd_seek (abfd, obj_sym_filepos (abfd), SEEK_SET) != 0
|
||||
|| bfd_bread (buf, amt, abfd) != amt)
|
||||
{
|
||||
@@ -2666,10 +2672,16 @@ coff_write_relocs (bfd * abfd, int first_undef)
|
||||
amt = s->reloc_count;
|
||||
amt *= sizeof (arelent *);
|
||||
p = bfd_malloc (amt);
|
||||
if (p == NULL && s->reloc_count > 0)
|
||||
return FALSE;
|
||||
memcpy (p, s->orelocation, (size_t) amt);
|
||||
qsort (p, s->reloc_count, sizeof (arelent *), compare_arelent_ptr);
|
||||
if (p == NULL)
|
||||
{
|
||||
if (s->reloc_count > 0)
|
||||
return FALSE;
|
||||
}
|
||||
else
|
||||
{
|
||||
memcpy (p, s->orelocation, (size_t) amt);
|
||||
qsort (p, s->reloc_count, sizeof (arelent *), compare_arelent_ptr);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -4526,6 +4538,7 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
|
||||
unsigned int nbr_func;
|
||||
LINENO *src;
|
||||
bfd_boolean have_func;
|
||||
bfd_boolean ret = TRUE;
|
||||
|
||||
BFD_ASSERT (asect->lineno == NULL);
|
||||
|
||||
@@ -4575,6 +4588,7 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
|
||||
(_("%B: warning: illegal symbol index 0x%lx in line number entry %d"),
|
||||
abfd, (long) symndx, counter);
|
||||
cache_ptr->line_number = -1;
|
||||
ret = FALSE;
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -4587,6 +4601,7 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
|
||||
(_("%B: warning: illegal symbol index 0x%lx in line number entry %d"),
|
||||
abfd, (long) symndx, counter);
|
||||
cache_ptr->line_number = -1;
|
||||
ret = FALSE;
|
||||
continue;
|
||||
}
|
||||
sym = (coff_symbol_type *) (ent->u.syment._n._n_n._n_zeroes);
|
||||
@@ -4599,6 +4614,7 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
|
||||
(_("%B: warning: illegal symbol in line number entry %d"),
|
||||
abfd, counter);
|
||||
cache_ptr->line_number = -1;
|
||||
ret = FALSE;
|
||||
continue;
|
||||
}
|
||||
|
||||
@@ -4678,11 +4694,15 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
|
||||
|
||||
memcpy (lineno_cache, n_lineno_cache, amt);
|
||||
}
|
||||
else
|
||||
ret = FALSE;
|
||||
bfd_release (abfd, func_table);
|
||||
}
|
||||
else
|
||||
ret = FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Slurp in the symbol table, converting it to generic form. Note
|
||||
@@ -4697,6 +4717,7 @@ coff_slurp_symbol_table (bfd * abfd)
|
||||
unsigned int *table_ptr;
|
||||
bfd_size_type amt;
|
||||
unsigned int number_of_symbols = 0;
|
||||
bfd_boolean ret = TRUE;
|
||||
|
||||
if (obj_symbols (abfd))
|
||||
return TRUE;
|
||||
@@ -5017,6 +5038,7 @@ coff_slurp_symbol_table (bfd * abfd)
|
||||
(_("%B: Unrecognized storage class %d for %s symbol `%s'"),
|
||||
abfd, src->u.syment.n_sclass,
|
||||
dst->symbol.section->name, dst->symbol.name);
|
||||
ret = FALSE;
|
||||
case C_EXTLAB: /* External load time label. */
|
||||
case C_HIDDEN: /* Ext symbol in dmert public lib. */
|
||||
dst->symbol.flags = BSF_DEBUGGING;
|
||||
@@ -5052,7 +5074,7 @@ coff_slurp_symbol_table (bfd * abfd)
|
||||
}
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Classify a COFF symbol. A couple of targets have globally visible
|
||||
|
||||
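Review bot: The `ret = FALSE;` added under the "Unrecognized storage class" message in coff_slurp_symbol_table does not survive a second call, because the guard at the top of the function still reads `if (obj_symbols (abfd)) return TRUE;`. If obj_symbols is assigned before `return ret;` (the assignment lies between the hunks and is not visible here), a table flagged as corrupt on the first call is reported as good on the next; leaving the cache unset when `ret` is FALSE, or caching the result, would close that gap. The same line then runs straight into `case C_EXTLAB:`, so a `/* Fall through.  */` comment after `ret = FALSE;` would show that this is intended. None of the failure paths visible here or in coff_slurp_line_table sets a BFD error code, so a caller may print a stale one; `bfd_set_error (bfd_error_bad_value);` beside each `ret = FALSE;` would address that.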