diff options
author | Nick Clifton <nickc@redhat.com> | 2014-11-27 12:19:10 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2014-11-27 12:19:10 +0000 |
commit | 1036838a771b96ad9428e8fc7ecc45d3d8e056ce (patch) | |
tree | b2908f515505401f6bada294ce7a2ca23797c5d5 | |
parent | 608ce2f3c8b1fb309f50b6426389282ec6031323 (diff) | |
download | gdb-1036838a771b96ad9428e8fc7ecc45d3d8e056ce.zip gdb-1036838a771b96ad9428e8fc7ecc45d3d8e056ce.tar.gz gdb-1036838a771b96ad9428e8fc7ecc45d3d8e056ce.tar.bz2 |
Fixes a few more memory access violations exposed by fuzzed binaries.
PR binutils/17512
* ecoff.c (_bfd_ecoff_slurp_symbol_table): Warn about and correct
a discrepancy between the isymMax and ifdMax values in the
symbolic header.
* elf.c (_bfd_elf_print_private_bfd_data): Fix the range check
scanning the external dynamic entries.
-rw-r--r-- | bfd/ChangeLog | 9 | ||||
-rw-r--r-- | bfd/ecoff.c | 15 | ||||
-rw-r--r-- | bfd/elf.c | 4 |
3 files changed, 27 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index c379fca..8fe5fe6 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,12 @@ +2014-11-27 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * ecoff.c (_bfd_ecoff_slurp_symbol_table): Warn about and correct + a discrepancy between the isymMax and ifdMax values in the + symbolic header. + * elf.c (_bfd_elf_print_private_bfd_data): Fix the range check + scanning the external dynamic entries. + 2014-11-26 Nick Clifton <nickc@redhat.com> PR binutils/17512 diff --git a/bfd/ecoff.c b/bfd/ecoff.c index 33e2134..70783b1 100644 --- a/bfd/ecoff.c +++ b/bfd/ecoff.c @@ -905,6 +905,7 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) &internal_ptr->symbol, 1, internal_esym.weakext)) return FALSE; + /* The alpha uses a negative ifd field for section symbols. */ if (internal_esym.ifd >= 0) internal_ptr->fdr = (ecoff_data (abfd)->debug_info.fdr @@ -946,6 +947,20 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) } } + /* PR 17512: file: 3372-3080-0.004. + A discrepancy between ecoff_data (abfd)->debug_info.symbolic_header.isymMax + and ecoff_data (abfd)->debug_info.symbolic_header.ifdMax can mean that + we have fewer symbols than we were expecting. Allow for this by updating + the symbol count and warning the user. */ + if (internal_ptr - internal < bfd_get_symcount (abfd)) + { + bfd_get_symcount (abfd) = internal_ptr - internal; + (*_bfd_error_handler) + (_("%B: warning: isymMax (%ld) is greater than ifdMax (%d)\n"), + abfd, ecoff_data (abfd)->debug_info.symbolic_header.isymMax, + ecoff_data (abfd)->debug_info.symbolic_header.ifdMax); + } + ecoff_data (abfd)->canonical_symbols = internal; return TRUE; @@ -1254,7 +1254,9 @@ _bfd_elf_print_private_bfd_data (bfd *abfd, void *farg) extdyn = dynbuf; extdynend = extdyn + s->size; - for (; extdyn < extdynend; extdyn += extdynsize) + /* PR 17512: file: id:000006,sig:06,src:000000,op:flip4,pos:5664. + Fix range check. */ + for (; extdyn <= (extdynend - extdynsize); extdyn += extdynsize) { Elf_Internal_Dyn dyn; const char *name = ""; |