aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2016-02-19 15:55:06 +0000
committerNick Clifton <nickc@redhat.com>2016-02-19 15:55:06 +0000
commite517df3dbf7556ddb389228d713a804594ee3c1f (patch)
treea396f3f8dd158529a85a360a37895979e8cde692
parent737684142b3f7dfa6d440c8363750911a8ac20ce (diff)
downloadgdb-e517df3dbf7556ddb389228d713a804594ee3c1f.zip
gdb-e517df3dbf7556ddb389228d713a804594ee3c1f.tar.gz
gdb-e517df3dbf7556ddb389228d713a804594ee3c1f.tar.bz2
Prevent a seg-fault in the linker when accessing a specially crafted, corrupt, aout binary.
PR ld/19629 * aoutx.h (aout_link_add_symbols): Check for out of range string table offsets.
-rw-r--r--bfd/ChangeLog4
-rw-r--r--bfd/aoutx.h10
2 files changed, 14 insertions, 0 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index b1b4047..17b24c1 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,9 @@
2016-02-19 Nick Clifton <nickc@redhat.com>
+ PR ld/19629
+ * aoutx.h (aout_link_add_symbols): Check for out of range string
+ table offsets.
+
PR ld/19628
* reloc.c (bfd_generic_get_relocated_section_contents): Stop
processing if we encounter a reloc without an associated symbol.
diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index 665afe4..61ac9b3 100644
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -3002,7 +3002,11 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
if ((type & N_STAB) != 0)
continue;
+ /* PR 19629: Corrupt binaries can contain illegal string offsets. */
+ if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
+ return FALSE;
name = strings + GET_WORD (abfd, p->e_strx);
+
value = GET_WORD (abfd, p->e_value);
flags = BSF_GLOBAL;
string = NULL;
@@ -3060,6 +3064,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
which this one really is. */
BFD_ASSERT (p + 1 < pend);
++p;
+ /* PR 19629: Corrupt binaries can contain illegal string offsets. */
+ if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
+ return FALSE;
string = strings + GET_WORD (abfd, p->e_strx);
section = bfd_ind_section_ptr;
flags |= BSF_INDIRECT;
@@ -3093,6 +3100,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
return TRUE;
++p;
string = name;
+ /* PR 19629: Corrupt binaries can contain illegal string offsets. */
+ if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
+ return FALSE;
name = strings + GET_WORD (abfd, p->e_strx);
section = bfd_und_section_ptr;
flags |= BSF_WARNING;