aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2014-12-16 14:17:15 +0000
committerNick Clifton <nickc@redhat.com>2014-12-16 14:17:15 +0000
commit033539e2685156ad6ad60e5925bc61cef5ced483 (patch)
treeacdba5d5519157286fb6d5767b9690032f84f5e3
parentbeed38b8273fa18be574a7e84d5d2ee1f563ed48 (diff)
downloadgdb-033539e2685156ad6ad60e5925bc61cef5ced483.zip
gdb-033539e2685156ad6ad60e5925bc61cef5ced483.tar.gz
gdb-033539e2685156ad6ad60e5925bc61cef5ced483.tar.bz2
Fix a memory access violation triggeed by a fuzzed binary.
PR binutils/17512 * format.c (bfd_check_format_matches): Check for a matching vector before using match priorities. * mach-o.c (bfd_mach_o_canonicalize_one_reloc): Fix off-by-one errors with previous delta.
-rw-r--r--bfd/ChangeLog8
-rw-r--r--bfd/format.c2
-rw-r--r--bfd/mach-o.c6
3 files changed, 13 insertions, 3 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 561c603..6152f51 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,11 @@
+2014-12-16 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * format.c (bfd_check_format_matches): Check for a matching vector
+ before using match priorities.
+ * mach-o.c (bfd_mach_o_canonicalize_one_reloc): Fix off-by-one
+ errors with previous delta.
+
2014-12-15 H.J. Lu <hongjiu.lu@intel.com>
PR ld/17713
diff --git a/bfd/format.c b/bfd/format.c
index c4bc944..f0d1e66 100644
--- a/bfd/format.c
+++ b/bfd/format.c
@@ -402,7 +402,7 @@ bfd_check_format_matches (bfd *abfd, bfd_format format, char ***matching)
/* We still have more than one equally good match, and at least some
of the targets support match priority. Choose the first of the
best matches. */
- if (match_count > 1 && best_count != match_count)
+ if (matching_vector && match_count > 1 && best_count != match_count)
{
int i;
diff --git a/bfd/mach-o.c b/bfd/mach-o.c
index 31ffa84..61d60db 100644
--- a/bfd/mach-o.c
+++ b/bfd/mach-o.c
@@ -1350,7 +1350,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd,
if (reloc.r_extern)
{
/* PR 17512: file: 8396-1185-0.004. */
- if (num >= bfd_get_symcount (abfd))
+ if (bfd_get_symcount (abfd) > 0 && num > bfd_get_symcount (abfd))
sym = bfd_und_section_ptr->symbol_ptr_ptr;
else
/* An external symbol number. */
@@ -1368,7 +1368,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd,
else
{
/* PR 17512: file: 006-2964-0.004. */
- if (num >= mdata->nsects)
+ if (num > mdata->nsects)
return -1;
/* A section number. */
@@ -1400,6 +1400,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd,
if (!(*bed->_bfd_mach_o_swap_reloc_in)(res, &reloc))
return -1;
+
return 0;
}
@@ -1414,6 +1415,7 @@ bfd_mach_o_canonicalize_relocs (bfd *abfd, unsigned long filepos,
/* Allocate and read relocs. */
native_size = count * BFD_MACH_O_RELENT_SIZE;
+
native_relocs =
(struct mach_o_reloc_info_external *) bfd_malloc (native_size);
if (native_relocs == NULL)