author | Nick Clifton <nickc@redhat.com> | 2016-08-08 13:20:04 +0100 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2016-08-08 13:20:04 +0100 |
commit | d8024a9189b9e686e403512a96e4256823b5c6e4 (patch) | |
tree | 0b858324d0bded058516cc8557c9bdf027173bdd /binutils/dwarf.c | |
parent | 8a286b63457628b0a55d395f14005f254512e27d (diff) | |
Fix seg-faults when running readelf on fuzzed binaries.
PR binutils/20440
* dwarf.c (display_debug_lines_decoded): Add checks for running
off the end of the section when populating the directory table and
file table.
(frame_display_row): Set max_regs equal to ncols.
(load_specific_debug_section): If the section is compressed, but
it is not big enough to hold a compression header then warn and
return 0.
Diffstat (limited to 'binutils/dwarf.c')
-rw-r--r-- | binutils/dwarf.c | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 2f2d8ae..e07f661 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -3252,16 +3252,32 @@ display_debug_lines_decoded (struct dwarf_section *section,
 /* Traverse the Directory table just to count entries. */
 data = standard_opcodes + linfo.li_opcode_base - 1;
+ /* PR 20440 */
+ if (data >= end)
+ {
+ warn (_("opcode base of %d extends beyond end of section\n"),
+ linfo.li_opcode_base);
+ return 0;
+ }
+
 if (*data != 0)
 {
 unsigned char *ptr_directory_table = data;
- while (*data != 0)
+ while (data < end && *data != 0)
 {
 data += strnlen ((char *) data, end - data) + 1;
 n_directories++;
 }
+ /* PR 20440 */
+ if (data >= end)
+ {
+ warn (_("directory table ends unexpectedly\n"));
+ n_directories = 0;
+ break;
+ }
+
 /* Go through the directory table again to save the directories. */
 directory_table = (unsigned char **) xmalloc (n_directories * sizeof (unsigned char *));
@@ -3279,11 +3295,11 @@ display_debug_lines_decoded (struct dwarf_section *section,
 data++;
 /* Traverse the File Name table just to count the entries. */
- if (*data != 0)
+ if (data < end && *data != 0)
 {
 unsigned char *ptr_file_name_table = data;
- while (*data != 0)
+ while (data < end && *data != 0)
 {
 unsigned int bytes_read;
@@ -3300,6 +3316,13 @@ display_debug_lines_decoded (struct dwarf_section *section,
 n_files++;
 }
+ if (data >= end)
+ {
+ warn (_("file table ends unexpectedly\n"));
+ n_files = 0;
+ break;
+ }
+
 /* Go through the file table again to save the strings. */
 file_table = (File_Entry *) xmalloc (n_files * sizeof (File_Entry));
@@ -5582,7 +5605,7 @@ frame_display_row (Frame_Chunk *fc, int *need_col_headers, unsigned int *max_reg
 unsigned int r;
 char tmp[100];
- if (*max_regs < fc->ncols)
+ if (*max_regs != fc->ncols)
 *max_regs = fc->ncols;
 if (*need_col_headers) |
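Review bot: The first guard added in display_debug_lines_decoded bounds `data` only from above, so a `li_opcode_base` of 0 would leave `data` one byte before `standard_opcodes` and still pass `if (data >= end)`. Since that field presumably comes straight from the file being dumped, consider rejecting it in the same test, e.g. `if (linfo.li_opcode_base == 0 || data >= end)`. The two `/* PR 20440 */` comments would also help more if they said what is being guarded, e.g. `/* PR 20440: the table must be NUL-terminated inside the section.  */`. The function body starts and ends outside this hunk, so where the later `break` lands cannot be confirmed from here.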
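Review bot: The `break` added after the file-table count exits the enclosing loop while `directory_table`, allocated with xmalloc in the directory branch of the same iteration, may still be live. If the tables are released only at the bottom of the loop body (not visible in this hunk), this path skips that release and leaks the directory table. Either confirm that cleanup also runs after the loop, or free before leaving: `free (directory_table); directory_table = NULL;`. This check also lacks the `/* PR 20440 */` tag that the two directory-table checks carry.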
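Review bot: With `!=` the test in frame_display_row no longer filters anything, because `if (*max_regs != fc->ncols) *max_regs = fc->ncols;` is equivalent to the plain assignment `*max_regs = fc->ncols;`, which states the intent directly. A comment explaining the reason is worth adding, e.g. `/* Keep max_regs in step with ncols so the column loops never index past fc's arrays.  */`; presumably that overrun is what is being fixed, but the loops are outside this hunk. The store goes through the caller's pointer, so max_regs can now shrink between rows, and any caller that treated it as a running maximum should be checked.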