From 3e33b239450771394fa6c83b67b9de80169f35e8 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Tue, 13 Mar 2018 14:02:52 +0000 Subject: Prevent memory access violations when attempting to parse an x86_64 PE binary containing corrupt unwind information. PR 22113 incldue * coff/pe.h (struct pex64_unwind_info): Add a rawUnwindCodesEnd field. bfd * pei-x86_64.c (pex64_get_unwind_info): Change to a boolean function. Add an end address parameter. Check access of the data pointer to make sure that they do not extend beyond the end address. Return FALSE if any check fails. Add the end address pointer to the ui structure. (pex64_xdata_print_uwd_codes): Check accesses of the raw unwind codes to make sure that they do not extend beyond the end address pointer. Print an error message and return immediately if any check fails. --- include/ChangeLog | 6 ++++++ include/coff/pe.h | 1 + 2 files changed, 7 insertions(+) (limited to 'include') diff --git a/include/ChangeLog b/include/ChangeLog index 529f43c..942c02b 100644 --- a/include/ChangeLog +++ b/include/ChangeLog @@ -1,3 +1,9 @@ +2018-03-13 Nick Clifton + + PR 22113 + * coff/pe.h (struct pex64_unwind_info): Add a rawUnwindCodesEnd + field. + 2018-03-08 H.J. Lu * opcode/i386 (OLDGCC_COMPAT): Removed. diff --git a/include/coff/pe.h b/include/coff/pe.h index 56cc4e2..cb9075a 100644 --- a/include/coff/pe.h +++ b/include/coff/pe.h @@ -497,6 +497,7 @@ struct pex64_unwind_info bfd_vma FrameOffset; bfd_vma sizeofUnwindCodes; bfd_byte *rawUnwindCodes; + bfd_byte *rawUnwindCodesEnd; bfd_vma rva_ExceptionHandler; /* UNW_EHANDLER or UNW_FLAG_UHANDLER. */ bfd_vma rva_BeginAddress; /* UNW_FLAG_CHAININFO. */ bfd_vma rva_EndAddress; /* UNW_FLAG_CHAININFO. */ -- cgit v1.1