author | Nick Clifton <nickc@redhat.com> | 2014-12-16 14:17:15 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2014-12-16 14:17:15 +0000 |
commit | 033539e2685156ad6ad60e5925bc61cef5ced483 (patch) | |
tree | acdba5d5519157286fb6d5767b9690032f84f5e3 | |
parent | beed38b8273fa18be574a7e84d5d2ee1f563ed48 (diff) | |
Fix a memory access violation triggered by a fuzzed binary.
PR binutils/17512
* format.c (bfd_check_format_matches): Check for a matching vector
before using match priorities.
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Fix off-by-one
errors with previous delta.
-rw-r--r-- | bfd/ChangeLog | 8 | ||||
-rw-r--r-- | bfd/format.c | 2 | ||||
-rw-r--r-- | bfd/mach-o.c | 6 |
3 files changed, 13 insertions, 3 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 561c603..6152f51 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,11 @@ +2014-12-16 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * format.c (bfd_check_format_matches): Check for a matching vector + before using match priorities. + * mach-o.c (bfd_mach_o_canonicalize_one_reloc): Fix off-by-one + errors with previous delta. + 2014-12-15 H.J. Lu <hongjiu.lu@intel.com> PR ld/17713 diff --git a/bfd/format.c b/bfd/format.c index c4bc944..f0d1e66 100644 --- a/bfd/format.c +++ b/bfd/format.c @@ -402,7 +402,7 @@ bfd_check_format_matches (bfd *abfd, bfd_format format, char ***matching) /* We still have more than one equally good match, and at least some of the targets support match priority. Choose the first of the best matches. */ - if (match_count > 1 && best_count != match_count) + if (matching_vector && match_count > 1 && best_count != match_count) { int i; diff --git a/bfd/mach-o.c b/bfd/mach-o.c index 31ffa84..61d60db 100644 --- a/bfd/mach-o.c +++ b/bfd/mach-o.c @@ -1350,7 +1350,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd, if (reloc.r_extern) { /* PR 17512: file: 8396-1185-0.004. */ - if (num >= bfd_get_symcount (abfd)) + if (bfd_get_symcount (abfd) > 0 && num > bfd_get_symcount (abfd)) sym = bfd_und_section_ptr->symbol_ptr_ptr; else /* An external symbol number. */ @@ -1368,7 +1368,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd, else { /* PR 17512: file: 006-2964-0.004. */ - if (num >= mdata->nsects) + if (num > mdata->nsects) return -1; /* A section number. */ @@ -1400,6 +1400,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd, if (!(*bed->_bfd_mach_o_swap_reloc_in)(res, &reloc)) return -1; + return 0; } @@ -1414,6 +1415,7 @@ bfd_mach_o_canonicalize_relocs (bfd *abfd, unsigned long filepos, /* Allocate and read relocs. */ native_size = count * BFD_MACH_O_RELENT_SIZE; + native_relocs = (struct mach_o_reloc_info_external *) bfd_malloc (native_size); if (native_relocs == NULL) |
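Review bot: The new `matching_vector &&` test in bfd_check_format_matches is not explained where it is added, and the comment above it still describes only the match-priority case. A reader cannot tell from the hunk when the vector is null while `match_count > 1`, so a short remark would help, e.g. `/* PR 17512: matching_vector can be NULL here; skip the priority pass instead of indexing it. */`. Skipping the pass leaves more than one equally good match in place, and whether the code after this block copes with that lies outside the hunk and is worth confirming.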
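Review bot: In the `reloc.r_extern` branch of the mach-o.c hunk at -1350, the rewritten test `bfd_get_symcount (abfd) > 0 && num > bfd_get_symcount (abfd)` accepts two values the old `>=` rejected: num equal to the symbol count, and any num when the count is zero. The else arm that consumes num is cut off by the hunk; if it indexes the symbol table from zero, as Mach-O external symbol numbers normally are, both cases read beyond the table when num comes from a malformed file. Unless a zero count has a documented meaning here that makes the index safe, the upper bound should stay strict, `if (num >= bfd_get_symcount (abfd))`, with an empty or unloaded symbol table handled as its own case that also yields the undefined-section symbol.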
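Review bot: In the mach-o.c hunk at -1368, the relaxed bound `if (num > mdata->nsects)` is only correct if num is a 1-based section ordinal and the lookup after `/* A section number. */` subtracts one before indexing; neither is visible in the hunk. Extending the comment to state that, for example `/* PR 17512: file: 006-2964-0.004. Section numbers count from 1, so nsects itself is valid. */`, would keep a later reader from tightening or loosening the check again. A num of zero must also be excluded before this point, which should be confirmed in the code above the hunk.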