aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2014-11-27 12:19:10 +0000
committerNick Clifton <nickc@redhat.com>2014-11-27 12:19:10 +0000
commit1036838a771b96ad9428e8fc7ecc45d3d8e056ce (patch)
treeb2908f515505401f6bada294ce7a2ca23797c5d5
parent608ce2f3c8b1fb309f50b6426389282ec6031323 (diff)
downloadgdb-1036838a771b96ad9428e8fc7ecc45d3d8e056ce.zip
gdb-1036838a771b96ad9428e8fc7ecc45d3d8e056ce.tar.gz
gdb-1036838a771b96ad9428e8fc7ecc45d3d8e056ce.tar.bz2
Fixes a few more memory access violations exposed by fuzzed binaries.
PR binutils/17512 * ecoff.c (_bfd_ecoff_slurp_symbol_table): Warn about and correct a discrepancy between the isymMax and ifdMax values in the symbolic header. * elf.c (_bfd_elf_print_private_bfd_data): Fix the range check scanning the external dynamic entries.
-rw-r--r--bfd/ChangeLog9
-rw-r--r--bfd/ecoff.c15
-rw-r--r--bfd/elf.c4
3 files changed, 27 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index c379fca..8fe5fe6 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,12 @@
+2014-11-27 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * ecoff.c (_bfd_ecoff_slurp_symbol_table): Warn about and correct
+ a discrepancy between the isymMax and ifdMax values in the
+ symbolic header.
+ * elf.c (_bfd_elf_print_private_bfd_data): Fix the range check
+ scanning the external dynamic entries.
+
2014-11-26 Nick Clifton <nickc@redhat.com>
PR binutils/17512
diff --git a/bfd/ecoff.c b/bfd/ecoff.c
index 33e2134..70783b1 100644
--- a/bfd/ecoff.c
+++ b/bfd/ecoff.c
@@ -905,6 +905,7 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd)
&internal_ptr->symbol, 1,
internal_esym.weakext))
return FALSE;
+
/* The alpha uses a negative ifd field for section symbols. */
if (internal_esym.ifd >= 0)
internal_ptr->fdr = (ecoff_data (abfd)->debug_info.fdr
@@ -946,6 +947,20 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd)
}
}
+ /* PR 17512: file: 3372-3080-0.004.
+ A discrepancy between ecoff_data (abfd)->debug_info.symbolic_header.isymMax
+ and ecoff_data (abfd)->debug_info.symbolic_header.ifdMax can mean that
+ we have fewer symbols than we were expecting. Allow for this by updating
+ the symbol count and warning the user. */
+ if (internal_ptr - internal < bfd_get_symcount (abfd))
+ {
+ bfd_get_symcount (abfd) = internal_ptr - internal;
+ (*_bfd_error_handler)
+ (_("%B: warning: isymMax (%ld) is greater than ifdMax (%d)\n"),
+ abfd, ecoff_data (abfd)->debug_info.symbolic_header.isymMax,
+ ecoff_data (abfd)->debug_info.symbolic_header.ifdMax);
+ }
+
ecoff_data (abfd)->canonical_symbols = internal;
return TRUE;
diff --git a/bfd/elf.c b/bfd/elf.c
index d3a1bb4..de8d97f 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -1254,7 +1254,9 @@ _bfd_elf_print_private_bfd_data (bfd *abfd, void *farg)
extdyn = dynbuf;
extdynend = extdyn + s->size;
- for (; extdyn < extdynend; extdyn += extdynsize)
+ /* PR 17512: file: id:000006,sig:06,src:000000,op:flip4,pos:5664.
+ Fix range check. */
+ for (; extdyn <= (extdynend - extdynsize); extdyn += extdynsize)
{
Elf_Internal_Dyn dyn;
const char *name = "";