diff options
author | Nick Clifton <nickc@redhat.com> | 2016-02-19 15:55:06 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2016-02-19 15:55:06 +0000 |
commit | e517df3dbf7556ddb389228d713a804594ee3c1f (patch) | |
tree | a396f3f8dd158529a85a360a37895979e8cde692 | |
parent | 737684142b3f7dfa6d440c8363750911a8ac20ce (diff) | |
download | gdb-e517df3dbf7556ddb389228d713a804594ee3c1f.zip gdb-e517df3dbf7556ddb389228d713a804594ee3c1f.tar.gz gdb-e517df3dbf7556ddb389228d713a804594ee3c1f.tar.bz2 |
Prevent a seg-fault in the linker when accessing a specially crafted, corrupt, aout binary.
PR ld/19629
* aoutx.h (aout_link_add_symbols): Check for out of range string
table offsets.
-rw-r--r-- | bfd/ChangeLog | 4 | ||||
-rw-r--r-- | bfd/aoutx.h | 10 |
2 files changed, 14 insertions, 0 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index b1b4047..17b24c1 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,5 +1,9 @@ 2016-02-19 Nick Clifton <nickc@redhat.com> + PR ld/19629 + * aoutx.h (aout_link_add_symbols): Check for out of range string + table offsets. + PR ld/19628 * reloc.c (bfd_generic_get_relocated_section_contents): Stop processing if we encounter a reloc without an associated symbol. diff --git a/bfd/aoutx.h b/bfd/aoutx.h index 665afe4..61ac9b3 100644 --- a/bfd/aoutx.h +++ b/bfd/aoutx.h @@ -3002,7 +3002,11 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info) if ((type & N_STAB) != 0) continue; + /* PR 19629: Corrupt binaries can contain illegal string offsets. */ + if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd)) + return FALSE; name = strings + GET_WORD (abfd, p->e_strx); + value = GET_WORD (abfd, p->e_value); flags = BSF_GLOBAL; string = NULL; @@ -3060,6 +3064,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info) which this one really is. */ BFD_ASSERT (p + 1 < pend); ++p; + /* PR 19629: Corrupt binaries can contain illegal string offsets. */ + if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd)) + return FALSE; string = strings + GET_WORD (abfd, p->e_strx); section = bfd_ind_section_ptr; flags |= BSF_INDIRECT; @@ -3093,6 +3100,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info) return TRUE; ++p; string = name; + /* PR 19629: Corrupt binaries can contain illegal string offsets. */ + if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd)) + return FALSE; name = strings + GET_WORD (abfd, p->e_strx); section = bfd_und_section_ptr; flags |= BSF_WARNING; |