diff options
| author | Nick Clifton <nickc@redhat.com> | 2014-12-01 11:19:39 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2014-12-01 11:19:39 +0000 |
| commit | 591f7597d447d8d038d6d8e24a706d1d5e32eba1 (patch) | |
| tree | b15865685398ad63e89487842d9b896a421c7105 /binutils/dwarf.c | |
| parent | 9e8cd6df3ca295986b2c295b6cfa5ceadd410bb4 (diff) | |
| download | binutils-591f7597d447d8d038d6d8e24a706d1d5e32eba1.zip binutils-591f7597d447d8d038d6d8e24a706d1d5e32eba1.tar.gz binutils-591f7597d447d8d038d6d8e24a706d1d5e32eba1.tar.bz2 | |
Add checks for memory access violations exposed by fuzzed archives.
PR binutils/17531
* dwarf.c (process_cu_tu_index): Check for an out of range row
index.
* elfcomm.c (adjust_relative_path): Change name_len parameter to
an unsigned long. Check for path length overflow.
(process_archive_index_and_symbols): Check for invalid header
size.
(setup_archive): Add checks for invalid archives.
(get_archive_member_name): Add range checks.
* elfcomm.h (adjust_relative_path): Update prototyoe.
* readelf.c (process_archive): Add range checks.
Diffstat (limited to 'binutils/dwarf.c')
| -rw-r--r-- | binutils/dwarf.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c index e2bac1f..5f953d5 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -6796,6 +6796,14 @@ process_cu_tu_index (struct dwarf_section *section, int do_display) SAFE_BYTE_GET (row, pi, 4, limit); if (row != 0) { + /* PR 17531: file: a05f6ab3. */ + if (row >= nused) + { + warn (_("Row index (%u) is larger than number of used entries (%u)\n"), + row, nused); + return 0; + } + if (!do_display) memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t)); |