diff options
| author | Nick Clifton <nickc@redhat.com> | 2014-11-10 14:18:45 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2014-11-10 14:27:38 +0000 |
| commit | 36e9d67b868c85232ab630514260f0d9c9c6b27b (patch) | |
| tree | 62b5f40c0cc1529cb235b367c505804dc4bfcd71 /bfd/peicode.h | |
| parent | b1f28d992c916eab861df3fa62d436755f874b62 (diff) | |
| download | gdb-36e9d67b868c85232ab630514260f0d9c9c6b27b.zip gdb-36e9d67b868c85232ab630514260f0d9c9c6b27b.tar.gz gdb-36e9d67b868c85232ab630514260f0d9c9c6b27b.tar.bz2 | |
More fixes for problems exposed by valgrind and the address sanitizer
when displaying the contents of corrupt files.
PR binutils/17521
* coff-i386.c (NUM_HOWTOS): New define.
(RTYPE2HOWTO): Use it.
(coff_i386_rtype_to_howto): Likewise.
(coff_i386_reloc_name_lookup): Likewise.
(CALC_ADDEND): Check that reloc r_type field is valid.
* coff-x86_64.c (NUM_HOWTOS): New define.
(RTYPE2HOWTO): Use it.
(coff_amd64_rtype_to_howto): Likewise.
(coff_amd64_reloc_name_lookup): Likewise.
(CALC_ADDEND): Check that reloc r_type field is valid.
* coffcode.h (coff_slurp_line_table): Check for symbol table
indexing underflow.
(coff_slurp_symbol_table): Use zalloc to ensure that all table
entries are initialised.
* coffgen.c (_bfd_coff_read_string_table): Initialise unused bits
in the string table. Also ensure that the table is 0 terminated.
(coff_get_normalized_symtab): Check for symbol table indexing
underflow.
* opncls.c (bfd_alloc): Catch the case where a small negative size
can result in only 1 byte being allocated.
(bfd_alloc2): Use bfd_alloc.
* pe-mips.c (NUM_HOWTOS): New define.
(coff_mips_reloc_name_lookup): Use it.
(CALC_ADDEND): Check that reloc r_type field is valid.
* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Initialise unused entries
in the DataDirectory.
(pe_print_idata): Avoid reading beyond the end of the data block
wen printing strings.
(pe_print_edata): Likewise.
Check for table indexing underflow.
* peicode.h (pe_mkobject): Initialise the pe_opthdr field.
(pe_bfd_object_p): Allocate and initialize enough space to hold a
PEAOUTHDR, even if the opt_hdr field specified less.
Diffstat (limited to 'bfd/peicode.h')
| -rw-r--r-- | bfd/peicode.h | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/bfd/peicode.h b/bfd/peicode.h index 157879b..c3d13f8 100644 --- a/bfd/peicode.h +++ b/bfd/peicode.h @@ -271,6 +271,7 @@ pe_mkobject (bfd * abfd) /* in_reloc_p is architecture dependent. */ pe->in_reloc_p = in_reloc_p; + memset (& pe->pe_opthdr, 0, sizeof pe->pe_opthdr); return TRUE; } @@ -1313,7 +1314,7 @@ pe_bfd_object_p (bfd * abfd) /* Swap file header, so that we get the location for calling real_object_p. */ - bfd_coff_swap_filehdr_in (abfd, (PTR)&image_hdr, &internal_f); + bfd_coff_swap_filehdr_in (abfd, &image_hdr, &internal_f); if (! bfd_coff_bad_format_hook (abfd, &internal_f) || internal_f.f_opthdr > bfd_coff_aoutsz (abfd)) @@ -1327,16 +1328,21 @@ pe_bfd_object_p (bfd * abfd) if (opt_hdr_size != 0) { - PTR opthdr; + bfd_size_type amt = opt_hdr_size; + void * opthdr; - opthdr = bfd_alloc (abfd, opt_hdr_size); + /* PR 17521 file: 230-131433-0.004. */ + if (amt < sizeof (PEAOUTHDR)) + amt = sizeof (PEAOUTHDR); + + opthdr = bfd_zalloc (abfd, amt); if (opthdr == NULL) return NULL; if (bfd_bread (opthdr, opt_hdr_size, abfd) != (bfd_size_type) opt_hdr_size) return NULL; - bfd_coff_swap_aouthdr_in (abfd, opthdr, (PTR) & internal_a); + bfd_coff_swap_aouthdr_in (abfd, opthdr, & internal_a); } return coff_real_object_p (abfd, internal_f.f_nscns, &internal_f, |