diff options
| author | Nick Clifton <nickc@redhat.com> | 2015-02-03 14:34:54 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2015-02-03 14:34:54 +0000 |
| commit | 64d2901806c171c0d949f8fb1b29b4e5ba8cf04d (patch) | |
| tree | 275309fa108305408faa350ecb1043da1ff2fd96 /bfd/peXXigen.c | |
| parent | 46b87d490296235ab7c76c68816de7c402a79326 (diff) | |
| download | fsf-binutils-gdb-64d2901806c171c0d949f8fb1b29b4e5ba8cf04d.zip fsf-binutils-gdb-64d2901806c171c0d949f8fb1b29b4e5ba8cf04d.tar.gz fsf-binutils-gdb-64d2901806c171c0d949f8fb1b29b4e5ba8cf04d.tar.bz2 | |
More fixes for illegal memory accesses triggered by running objdump on fuzzed binaries.
PR binutils/17512
* objdump.c (display_any_bfd): Fail if archives nest too deeply.
* ecoff.c: Use bfd_alloc2 to allocate space for structure arrays.
(_bfd_ecoff_slurp_symbol_table): Check for a negative symbol
index or an out of range fdr index.
* elf-m10300.c (mn10300_info_to_howto): Fix typo in error message.
* elf32-arc.c (arc_info_to_howto_rel): Likewise.
* elf32-avr.c (avr_info_to_howto_rela): Likewise.
* elf32-cr16.c (elf_cr16_info_to_howto): Likewise.
* elf32-cr16c.c (elf_cr16c_info_to_howto_rel): Likewise.
* elf32-cris.c (cris_info_to_howto_rela): Likewise.
* elf32-crx.c (elf_crx_info_to_howto): Likewise.
* elf32-d10v.c (d10v_info_to_howto_rel): Likewise.
* elf32-d30v.c (d30v_info_to_howto_rel): Likewise.
* elf32-epiphany.c (epiphany_info_to_howto_rela): Likewise.
* elf32-fr30.c (fr30_info_to_howto_rela): Likewise.
* elf32-frv.c (frv_info_to_howto_rela): Likewise.
* elf32-i370.c (i370_elf_info_to_howto): Likewise.
* elf32-i960.c (elf32_i960_info_to_howto_rel): Likewise.
* elf32-ip2k.c (ip2k_info_to_howto_rela): Likewise.
* elf32-iq2000.c (iq2000_info_to_howto_rela): Likewise.
* elf32-lm32.c (lm32_info_to_howto_rela): Likewise.
* elf32-m32c.c (m32c_info_to_howto_rela): Likewise.
* elf32-m32r.c (m32r_info_to_howto_rel): Likewise.
* elf32-m68hc11.c (m68hc11_info_to_howto_rel): Likewise.
* elf32-m68hc12.c (m68hc11_info_to_howto_rel): Likewise.
* elf32-mcore.c (mcore_elf_info_to_howto): Likewise.
* elf32-mep.c (mep_info_to_howto_rela): Likewise.
* elf32-metag.c (metag_info_to_howto_rela): Likewise.
* elf32-microblaze.c (microblaze_elf_info_to_howto): Likewise.
* elf32-moxie.c (moxie_info_to_howto_rela): Likewise.
* elf32-msp430.c (msp430_info_to_howto_rela): Likewise.
* elf32-mt.c (mt_info_to_howto_rela): Likewise.
* elf32-nds32.c (nds32_info_to_howto_rel): Likewise.
* elf32-or1k.c (or1k_info_to_howto_rela): Likewise.
* elf32-pj.c (pj_elf_info_to_howto): Likewise.
* elf32-ppc.c (ppc_elf_info_to_howto): Likewise.
* elf32-rl78.c (rl78_info_to_howto_rela): Likewise.
* elf32-rx.c (rx_info_to_howto_rela): Likewise.
* elf32-sh.c (sh_elf_info_to_howto): Likewise.
* elf32-spu.c (spu_elf_info_to_howto): Likewise.
* elf32-v850.c (v850_elf_perform_relocation): Likewise.
* elf32-vax.c (rtype_to_howto): Likewise.
* elf32-visium.c (visium_info_to_howto_rela): Likewise.
* elf32-xgate.c (xgate_info_to_howto_rel): Likewise.
* elf32-xtensa.c (elf_xtensa_info_to_howto_rela): Likewise.
* elf64-alpha.c (elf64_alpha_info_to_howto): Likewise.
* elf64-mmix.c (mmix_info_to_howto_rela): Likewise.
* mach-o.c: Use bfd_alloc2 to allocate space for structure arrays.
(bfd_mach_o_canonicalize_one_reloc): Fix check on out
of range symbol indicies.
(bfd_mach_o_canonicalize_relocs): Check for out of range alloc.
(bfd_mach_o_canonicalize_dynamic_reloc): Likewise.
(bfd_mach_o_build_dysymtab): Likewise.
(bfd_mach_o_write_symtab_content): Set the string table size to
zero upon error.
(bfd_mach_o_read_symtab_symbols): Reset the nsyms value if the
read fails.
* peXXigen.c (pe_print_edata): Check for numeric overflow in edt
fields.
* tekhex.c (first_phase): Check for src pointer reaching end of
buffer.
Diffstat (limited to 'bfd/peXXigen.c')
| -rw-r--r-- | bfd/peXXigen.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c index 122ddf1..45f1937 100644 --- a/bfd/peXXigen.c +++ b/bfd/peXXigen.c @@ -1757,6 +1757,8 @@ pe_print_edata (bfd * abfd, void * vfile) /* PR 17512: Handle corrupt PE binaries. */ if (edt.eat_addr + (edt.num_functions * 4) - adj >= datasize + /* PR 17512: file: 092b1829 */ + || (edt.num_functions * 4) < edt.num_functions /* PR 17512 file: 140-165018-0.004. */ || data + edt.eat_addr - adj < data) fprintf (file, _("\tInvalid Export Address Table rva (0x%lx) or entry count (0x%lx)\n"), @@ -1801,6 +1803,8 @@ pe_print_edata (bfd * abfd, void * vfile) /* PR 17512: Handle corrupt PE binaries. */ if (edt.npt_addr + (edt.num_names * 4) - adj >= datasize + /* PR 17512: file: bb68816e. */ + || edt.num_names * 4 < edt.num_names || (data + edt.npt_addr - adj) < data) fprintf (file, _("\tInvalid Name Pointer Table rva (0x%lx) or entry count (0x%lx)\n"), (long) edt.npt_addr, |