authorNick Clifton <nickc@redhat.com>2014-12-22 22:44:34 +0000
committerNick Clifton <nickc@redhat.com>2014-12-22 22:44:34 +0000
commit058037d3a169c91042c9b8549f7d04fd7550bed6 (patch)
tree04bbe357f30d3cc370dcb9ed325b2acb0b1be1fa /binutils/elfcomm.c
parent5860e3f883597cf6b8a937547015394edc1e8784 (diff)
More fixes for invalid memory accesses exposed by fuzzed binaries.
PR binutils/17531 * dwarf.c (decode_location_expression): Check for an out of range value for a DW_OP_GNU_entry_value expression. (display_debug_lines_raw): Check for a partial .debug_line section being encountered without a prior, full .debug_line section. (display_debug_lines_decoded): Likewise. Also check for li_line_range being zero. (display_debug_pubnames_worker): Check for an invalid pn_length field. (read_cie): Add range checks. * elfcomm.c (setup_archive): Check for a negative longnames_size.
Diffstat (limited to 'binutils/elfcomm.c')
-rw-r--r--binutils/elfcomm.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/binutils/elfcomm.c b/binutils/elfcomm.c
index 0cdcf63..0fdbcfb 100644
--- a/binutils/elfcomm.c
+++ b/binutils/elfcomm.c
@@ -655,6 +655,14 @@ setup_archive (struct archive_info *arch, const char *file_name,
file_name, arch->longnames_size);
return 1;
}
+ /* PR 17531: file: 639d6a26. */
+ if ((signed long) arch->longnames_size < 0)
+ {
+ error (_("%s: long name table is too big, (size = 0x%lx)\n"),
+ file_name, arch->longnames_size);
+ return 1;
+ }
+
arch->next_arhdr_offset += sizeof arch->arhdr + arch->longnames_size;
/* Plus one to allow for a string terminator. */
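Review bot: The sign-bit test on `arch->longnames_size` is only a coarse upper bound: any size up to LONG_MAX still passes and is added to `arch->next_arhdr_offset` on the line after the check, so a fuzzed size field can still move that offset far beyond the archive or make the later allocation request enormous. Converting an out-of-range unsigned value to `signed long` is also implementation-defined, so `if (arch->longnames_size > (unsigned long) LONG_MAX)` would state the same limit without relying on the conversion; this assumes the field is `unsigned long`, which the `%lx` format suggests but the hunk does not show. A tighter guard would compare the size with the bytes actually remaining in the file, but that value is not visible here and the body of setup_archive starts and ends outside the hunk. The comment could also say what is rejected, for example `/* PR 17531: file: 639d6a26. Reject sizes with the top bit set. */`.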
@@ -676,6 +684,8 @@ setup_archive (struct archive_info *arch, const char *file_name,
if ((arch->longnames_size & 1) != 0)
getc (file);
+
+ arch->longnames[arch->longnames_size] = 0;
}
return 0;
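Review bot: The added store `arch->longnames[arch->longnames_size] = 0;` carries no comment, and it is in bounds only if the buffer was allocated with one byte more than `longnames_size`. That allocation is outside this hunk; only the earlier `/* Plus one to allow for a string terminator. */` comment in setup_archive hints at it, so the dependency is easy to break in a later edit. I would put `/* Terminate the table; relies on the buffer holding longnames_size + 1 bytes. */` directly above the store. The store also depends on the earlier size check having rejected values for which `longnames_size + 1` would wrap, which is worth mentioning in the same comment.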