From 77ef86547510cee3a2bff27bea9f19f0b2715bae Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Tue, 10 Feb 2015 14:11:00 +0000 Subject: Fix memory access violations triggered by running objdump compiled with out-of-bounds sanitization checking. PR binutils/17512 * dwarf.c (eh_addr_size): Use an unsigned type. (size_of_encoded_value): Return an unsigned type. (read_leb128): Break if the shift becomes too big. (process_extended_line_op): Do not read the address if the length is too long. (read_cie): Warn and fail if the pointer size or segment size are too big. * dwarf.h (DWARF2_External_LineInfo): Delete unused and incorrect structure definition. (DWARF2_External_PubNames): Likewise. (DWARF2_External_CompUnit): Likewise. (DWARF2_External_ARange): Likewise. (DWARF2_Internal_LineInfo): Use dwarf_vma type for li_prologue_length. (eh_addr_size): Update prototype. * coffcode.h (styp_to_sec_flags): Use an unsigned long type to hold the flag bits. * peXXigen.c (pe_print_reloc): Use unsigned types to hold the size and number of relocs. (pe_print_debugdata): Use a 32-bit aligned buffer to store the codeview record. * versados.c (process_otr): Check the esdid value before using it to access the EDATA. --- bfd/versados.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'bfd/versados.c') diff --git a/bfd/versados.c b/bfd/versados.c index 2540314..93a90a7 100644 --- a/bfd/versados.c +++ b/bfd/versados.c @@ -373,7 +373,7 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass) | (otr->map[2] << 8) | (otr->map[3] << 0); - struct esdid *esdid = &EDATA (abfd, otr->esdid - 1); + struct esdid *esdid; unsigned char *contents; bfd_boolean need_contents = FALSE; unsigned int dst_idx; @@ -382,6 +382,7 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass) if (otr->esdid == 0) return; + esdid = &EDATA (abfd, otr->esdid - 1); contents = esdid->contents; dst_idx = esdid->pc; -- cgit v1.1
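Review bot: in the second hunk of process_otr, the only guard ahead of `esdid = &EDATA (abfd, otr->esdid - 1);` is `if (otr->esdid == 0) return;`. That stops the index of -1 that the old initializer computed before the zero test, but nothing in the visible lines rejects an otr->esdid larger than the number of EDATA entries. Since the value is a field of the ext_otr record handed to this function, an oversized esdid would still be used to form the pointer, and `contents = esdid->contents;` and `dst_idx = esdid->pc;` would then read through it. If the upper bound is enforced elsewhere, a short comment at the zero check saying where would help. Otherwise, extend the check to compare otr->esdid against the table size and return in that case too, which would match the ChangeLog wording "Check the esdid value before using it to access the EDATA".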