authorNick Clifton <nickc@redhat.com>2015-01-12 16:08:41 +0000
committerNick Clifton <nickc@redhat.com>2015-01-12 16:08:41 +0000
commit72c61a0d1ef445f99305859b66450da60ec6e0cb (patch)
treedfe02ba917560930a9ee5567b15b63e324913d38 /binutils/dwarf.c
parent696025802ec3273fde5cbf82c215a3d795435c1a (diff)
More fixes for memory access errors when running readelf on fuzzed binaries.
PR binutils/17531 * dwarf.c (process_debug_info): Check for abbrev_base being larger than the section size. (process_cu_tu_index): Use xcalloc2 to allocate the CU and TU arrays. (xcalloc2): New function. Like xcalloc, but checks for overflow. * dwarf.h (xcalloc2): Prototype.
Diffstat (limited to 'binutils/dwarf.c')
-rw-r--r--binutils/dwarf.c22
1 files changed, 19 insertions, 3 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 2500a49..19b4b44 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -2466,6 +2466,11 @@ process_debug_info (struct dwarf_section *section,
warn (_("Debug info is corrupted, abbrev offset (%lx) is larger than abbrev section size (%lx)\n"),
(unsigned long) compunit.cu_abbrev_offset,
(unsigned long) abbrev_size);
+ /* PR 17531: file:4bcd9ce9. */
+ else if (abbrev_base >= abbrev_size)
+ warn (_("Debug info is corrupted, abbrev base (%lx) is larger than abbrev section size (%lx)\n"),
+ (unsigned long) abbrev_base,
+ (unsigned long) abbrev_size);
else
process_abbrev_section
(((unsigned char *) debug_displays [abbrev_sec].section.start
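Review bot: The new `abbrev_base >= abbrev_size` branch, like the offset branch above it, compares a single value against abbrev_size, so nothing visible here bounds the combined position. The process_abbrev_section call is cut off at the end of the hunk; if its arguments add both abbrev_base and compunit.cu_abbrev_offset to section.start, a corrupted file can keep each value under the limit and still yield a pointer past the mapped section. It would be safer to compute the start pointer once and reject it unless it lies below `debug_displays [abbrev_sec].section.start + debug_displays [abbrev_sec].section.size`. Separately, the message says "larger than" while the test is `>=`.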
@@ -6832,7 +6837,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
/* PR 17512: file: 002-376-0.004. */
if (section->size < 24)
{
- warn (_("Section %s is too small to contain a CU/TU header"),
+ warn (_("Section %s is too small to contain a CU/TU header\n"),
section->name);
return 0;
}
@@ -6942,13 +6947,13 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
if (is_tu_index)
{
tu_count = nused;
- tu_sets = xcmalloc (nused, sizeof (struct cu_tu_set));
+ tu_sets = xcalloc2 (nused, sizeof (struct cu_tu_set));
this_set = tu_sets;
}
else
{
cu_count = nused;
- cu_sets = xcmalloc (nused, sizeof (struct cu_tu_set));
+ cu_sets = xcalloc2 (nused, sizeof (struct cu_tu_set));
this_set = cu_sets;
}
}
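Review bot: Neither branch checks the result of xcalloc2, which, as defined later in this commit, returns NULL on an oversized count instead of aborting the way the x* allocators usually do. With a corrupted nused, tu_sets or cu_sets and this_set become NULL while tu_count or cu_count has already been set to nused, so any later walk over the sets would dereference NULL. The rest of process_cu_tu_index is outside the hunk, so confirm there is no later guard. I would test the pointer right after each call, e.g. `if (tu_sets == NULL) { warn (_("Too many TU sets in %s\n"), section->name); return 0; }`. I would also assign the count only after the allocation succeeds.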
@@ -7152,6 +7157,17 @@ cmalloc (size_t nmemb, size_t size)
return xmalloc (nmemb * size);
}
+/* Like xcalloc, but verifies that the first paramer is not too large. */
+void *
+xcalloc2 (size_t nmemb, size_t size)
+{
+ /* Check for overflow. */
+ if (nmemb >= ~(size_t) 0 / size)
+ return NULL;
+
+ return xcalloc (nmemb, size);
+}
+
/* Like xmalloc, but takes two parameters.
Note: does *not* initialise the allocated memory to zero. */
void *
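Review bot: `~(size_t) 0 / size` in xcalloc2 divides by zero when size is 0, which is undefined behaviour. The callers in this commit pass a sizeof, but the function is exported through dwarf.h, so the guard should read `if (size != 0 && nmemb >= ~(size_t) 0 / size) return NULL;`. The header comment should also say that, unlike xcalloc, this function can return NULL and callers must check for it. That comment has a typo as well: "paramer" should be "parameter".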