Toolchain/binutils-gdb
1
0
Fork 0
forked from Imagelibrary/binutils-gdb
Code Pull Requests Activity

Fix illegal memory access errors triggered by running srconv on fuzzed binaries.

Browse Source 
PR binutils/17512
	* dwarf.c (read_leb128): Fix test for shift becoming too large.

	* coffgrok.c (do_define): Add check for type size overflow.
	* srconv.c (walk_tree_sfile): Check that enough sections are
	available before parsing.
	(prescan): Likewise.
This commit is contained in:
Nick Clifton
2015-02-13 12:14:05 +00:00
parent f641dd969f
commit 951eaaec17
3 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
binutils/ChangeLog
View File

@@ -1,3 +1,13 @@
2015-02-13 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* dwarf.c (read_leb128): Fix test for shift becoming too large.
* coffgrok.c (do_define): Add check for type size overflow.
* srconv.c (walk_tree_sfile): Check that enough sections are
available before parsing.
(prescan): Likewise.
2015-02-13 Alan Modra <amodra@gmail.com> 2015-02-13 Alan Modra <amodra@gmail.com>
* dwarf.c: Formatting, whitespace. * dwarf.c: Formatting, whitespace.

6
binutils/coffgrok.c
View File

@@ -668,12 +668,10 @@ do_define (unsigned int i, struct coff_scope *b)
if (!is->init) if (!is->init)
{ {
long high = s->where->offset + s->type->size;
is->low = s->where->offset; is->low = s->where->offset;
is->high = high; is->high = s->where->offset + s->type->size;
/* PR 17512: file: 37e7a80d. */ /* PR 17512: file: 37e7a80d. */
if (is->high != high) if (is->high < s->where->offset)
fatal (_("Out of range type size: %u"), s->type->size); fatal (_("Out of range type size: %u"), s->type->size);
is->init = 1; is->init = 1;
is->parent = s->where->section; is->parent = s->where->section;

6
binutils/srconv.c
View File

@@ -1204,6 +1204,8 @@ walk_tree_sfile (struct coff_section *section, struct coff_sfile *sfile)
static void static void
wr_program_structure (struct coff_ofile *p, struct coff_sfile *sfile) wr_program_structure (struct coff_ofile *p, struct coff_sfile *sfile)
{ {
if (p->nsections < 4)
return;
walk_tree_sfile (p->sections + 4, sfile); walk_tree_sfile (p->sections + 4, sfile);
} }
@@ -1705,6 +1707,9 @@ prescan (struct coff_ofile *otree)
struct coff_symbol *s; struct coff_symbol *s;
struct coff_section *common_section; struct coff_section *common_section;
if (otree->nsections < 3)
return;
/* Find the common section - always section 3. */ /* Find the common section - always section 3. */
common_section = otree->sections + 3; common_section = otree->sections + 3;
@@ -1715,7 +1720,6 @@ prescan (struct coff_ofile *otree)
if (s->visible->type == coff_vis_common) if (s->visible->type == coff_vis_common)
{ {
struct coff_where *w = s->where; struct coff_where *w = s->where;
/* s->visible->type = coff_vis_ext_def; leave it as common */ /* s->visible->type = coff_vis_ext_def; leave it as common */
common_section->size = align (common_section->size); common_section->size = align (common_section->size);
w->offset = common_section->size + common_section->address; w->offset = common_section->size + common_section->address;