Fix illegal memory access errors triggered by running srconv on fuzzed binaries.

PR binutils/17512 * dwarf.c (read_leb128): Fix test for shift becoming too large. * coffgrok.c (do_define): Add check for type size overflow. * srconv.c (walk_tree_sfile): Check that enough sections are available before parsing. (prescan): Likewise.
author: Nick Clifton <nickc@redhat.com> 2015-02-13 12:14:05 +0000
committer: Nick Clifton <nickc@redhat.com> 2015-02-13 12:14:05 +0000
commit: 951eaaec17411eba4debe19781f6b8b54306256e (patch)
tree: 1be6fd05bc2f063241cddccb211b06acfc99290b /binutils/coffgrok.c
parent: f641dd969f91a83adf319b269c2411141b0a26a9 (diff)
download: binutils-951eaaec17411eba4debe19781f6b8b54306256e.zip
binutils-951eaaec17411eba4debe19781f6b8b54306256e.tar.gz
binutils-951eaaec17411eba4debe19781f6b8b54306256e.tar.bz2
1 files changed, 2 insertions, 4 deletions
diff --git a/binutils/coffgrok.c b/binutils/coffgrok.c
index 2bbfdc4..0b953e8 100644
--- a/binutils/coffgrok.c
+++ b/binutils/coffgrok.c
@@ -668,12 +668,10 @@ do_define (unsigned int i, struct coff_scope *b)
 
 	  if (!is->init)
 	    {
-	      long high = s->where->offset + s->type->size; 
-
 	      is->low = s->where->offset;
-	      is->high = high;
+	      is->high = s->where->offset + s->type->size; 
 	      /* PR 17512: file: 37e7a80d.  */
-	      if (is->high != high)
+	      if (is->high < s->where->offset)
 		fatal (_("Out of range type size: %u"), s->type->size);
 	      is->init = 1;
 	      is->parent = s->where->section;
author	Nick Clifton <nickc@redhat.com>	2015-02-13 12:14:05 +0000
committer	Nick Clifton <nickc@redhat.com>	2015-02-13 12:14:05 +0000
commit	951eaaec17411eba4debe19781f6b8b54306256e (patch)
tree	1be6fd05bc2f063241cddccb211b06acfc99290b /binutils/coffgrok.c
parent	f641dd969f91a83adf319b269c2411141b0a26a9 (diff)
download	binutils-951eaaec17411eba4debe19781f6b8b54306256e.zip binutils-951eaaec17411eba4debe19781f6b8b54306256e.tar.gz binutils-951eaaec17411eba4debe19781f6b8b54306256e.tar.bz2