Fix more memory faults uncovered by fuzzing various executables.

PR binutils/17512
	* dwarf.c (read_and_display_attr_value): Check that we do not read
	past end.
	(display_debug_pubnames_worker): Add range checks.
	(process_debug_info): Check for invalid pointer sizes.
	(display_loc_list): Likewise.
	(display_loc_list_dwo): Likewise.
	(display_debug_ranges): Likewise.
	(display_debug_aranges): Check for invalid address size.
	(read_cie): Add range checks.  Replace call strchr with while loop.
	* objdump.c (dump_dwarf): Replace abort with a warning message.
	(print_section_stabs): Improve range checks.
	* rdcoff.c (coff_get_slot): Use long for indx parameter type.
	Add check for an excessively large index.
	* rddbg.c (read_section_stabs_debugging_info): Zero terminate the
	string table.  Avoid walking off the end of the stabs data.
	* stabs.c (parse_stab_string): Add check for a NULL name.

	PR binutils/17512
	* coffcode.h (coff_slurp_line_table): Set the line number of
	corrupt entries to -1.
	(coff_slurp_symbol_table): Alway initialise the value of the
	symbol.
	* coffgen.c (coff_print_symbol): Check that the combined pointer
	is valid.
	(coff_print_symbol): Do not print negative line numbers.
	* peXXigen.c (pe_print_idata): Add range checking displaying
	member names.
Nick Clifton
2014-11-12 22:39:58 +00:00
parent 40e91bc71f
commit f41e4712a7
10 changed files with 244 additions and 82 deletions


@@ -2099,6 +2099,14 @@ coff_print_symbol (bfd *abfd,
fprintf (file, "[%3ld]", (long) (combined - root));
/* PR 17512: file: 079-33786-0.001:0.1. */
if (combined < obj_raw_syments (abfd)
|| combined >= obj_raw_syments (abfd) + obj_raw_syment_count (abfd))
{
fprintf (file, _("<corrupt info> %s"), symbol->name);
break;
}
if (! combined->fix_value)
val = (bfd_vma) combined->u.syment.n_value;
else
@@ -2192,8 +2200,11 @@ coff_print_symbol (bfd *abfd,
l++;
while (l->line_number)
{
fprintf (file, "\n%4d : ", l->line_number);
bfd_fprintf_vma (abfd, file, l->u.offset + symbol->section->vma);
if (l->line_number > 0)
{
fprintf (file, "\n%4d : ", l->line_number);
bfd_fprintf_vma (abfd, file, l->u.offset + symbol->section->vma);
}
l++;
}
}
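Review bot: The new `if (l->line_number > 0)` test in the second hunk carries no comment explaining why a negative line number can appear, whereas the range check in the first hunk at least names the PR. Going by the commit message, coff_slurp_line_table now marks corrupt entries with -1, so I would add `/* PR 17512: coff_slurp_line_table sets the line number of corrupt entries to -1; do not print them. */` directly above the test. Separately, the surrounding `while (l->line_number)` walk still stops only at a zero entry and is not bounded by the table's entry count. Whether the table is always zero-terminated for a fuzzed input is not visible from this hunk and is worth confirming. coff_print_symbol starts and ends outside both hunks.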