diff options
| author | Nick Clifton <nickc@redhat.com> | 2018-04-17 17:47:51 +0100 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2018-04-17 17:47:51 +0100 |
| commit | 808346fcfcff1c3f2471c98e48613afd7bce3679 (patch) | |
| tree | 0a0fc7a563dabb064b5db4a2032ecf764e985513 | |
| parent | c4a91159afa222c1025f1535f42e382b91dc6b73 (diff) | |
| download | fsf-binutils-gdb-808346fcfcff1c3f2471c98e48613afd7bce3679.zip fsf-binutils-gdb-808346fcfcff1c3f2471c98e48613afd7bce3679.tar.gz fsf-binutils-gdb-808346fcfcff1c3f2471c98e48613afd7bce3679.tar.bz2 | |
Fix illegal memory accesses trigeered when linking corrupt input files.
PR 23055
* aoutx.h (find_nearest_line): Check that the symbol name exists
and is long enough, before attempting to see if it is for a .o
file.
* hash.c (bfd_hash_hash): Add an assertion that the string is not
NULL.
* linker.c (bfd_link_hash_lookup): Fail if the table or string are
NULL.
(_bfd_generic_link_add_archive_symbols): Fail if an archive entry
has no name.
| -rw-r--r-- | bfd/ChangeLog | 11 | ||||
| -rw-r--r-- | bfd/aoutx.h | 9 | ||||
| -rw-r--r-- | bfd/hash.c | 1 | ||||
| -rw-r--r-- | bfd/linker.c | 6 |
4 files changed, 24 insertions, 3 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index eb283d6..88365d0 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,5 +1,16 @@ 2018-04-17 Nick Clifton <nickc@redhat.com> + PR 23055 + * aoutx.h (find_nearest_line): Check that the symbol name exists + and is long enough, before attempting to see if it is for a .o + file. + * hash.c (bfd_hash_hash): Add an assertion that the string is not + NULL. + * linker.c (bfd_link_hash_lookup): Fail if the table or string are + NULL. + (_bfd_generic_link_add_archive_symbols): Fail if an archive entry + has no name. + PR 23065 * dwarf2.c (concat_filename): Check for a NULL table pointer. diff --git a/bfd/aoutx.h b/bfd/aoutx.h index 0e0bab0..7cc9561 100644 --- a/bfd/aoutx.h +++ b/bfd/aoutx.h @@ -2723,7 +2723,10 @@ NAME (aout, find_nearest_line) (bfd *abfd, const char *symname; symname = q->symbol.name; - if (strcmp (symname + strlen (symname) - 2, ".o") == 0) + + if (symname != NULL + && strlen (symname) > 2 + && strcmp (symname + strlen (symname) - 2, ".o") == 0) { if (q->symbol.value > low_line_vma) { @@ -2788,8 +2791,8 @@ NAME (aout, find_nearest_line) (bfd *abfd, case N_FUN: { /* We'll keep this if it is nearer than the one we have already. */ - if (q->symbol.value >= low_func_vma && - q->symbol.value <= offset) + if (q->symbol.value >= low_func_vma + && q->symbol.value <= offset) { low_func_vma = q->symbol.value; func = (asymbol *)q; @@ -435,6 +435,7 @@ bfd_hash_hash (const char *string, unsigned int *lenp) unsigned int len; unsigned int c; + BFD_ASSERT (string != NULL); hash = 0; len = 0; s = (const unsigned char *) string; diff --git a/bfd/linker.c b/bfd/linker.c index c29a6e7..3019919 100644 --- a/bfd/linker.c +++ b/bfd/linker.c @@ -495,6 +495,9 @@ bfd_link_hash_lookup (struct bfd_link_hash_table *table, { struct bfd_link_hash_entry *ret; + if (table == NULL || string == NULL) + return NULL; + ret = ((struct bfd_link_hash_entry *) bfd_hash_lookup (&table->table, string, create, copy)); @@ -941,6 +944,9 @@ _bfd_generic_link_add_archive_symbols continue; } + if (arsym->name == NULL) + goto error_return; + h = bfd_link_hash_lookup (info->hash, arsym->name, FALSE, FALSE, TRUE); |