authorNick Clifton <nickc@redhat.com>2014-10-30 15:52:10 +0000
committerNick Clifton <nickc@redhat.com>2014-10-30 15:52:10 +0000
commit7e760b06b212f01b3819d5b37e8f5b613e0db34c (patch)
treeaaa6565f7fe8ac341a262055ee5572966e1c7ba1
parent3bdff46b67a527886f49735a5d192c05a332a131 (diff)
Closes another memory corruption, this time due to heap overrun.
PR binutils/17512 * coffgen.c (coff_get_normalized_symtab): Prevent buffer overrun.
-rw-r--r--bfd/ChangeLog5
-rw-r--r--bfd/coffgen.c8
2 files changed, 11 insertions, 2 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index a5790a5..f25c1b1 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2014-10-30 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * coffgen.c (coff_get_normalized_symtab): Prevent buffer overrun.
+
2014-10-29 Nick Clifton <nickc@redhat.com>
* elf.c (bfd_section_from_shdr): Fix heap use after free memory
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index 3f22389..a1a0325 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1748,7 +1748,7 @@ coff_get_normalized_symtab (bfd *abfd)
if (internal == NULL && size != 0)
return NULL;
internal_end = internal + obj_raw_syment_count (abfd);
-
+
if (! _bfd_coff_get_external_symbols (abfd))
return NULL;
@@ -1766,8 +1766,8 @@ coff_get_normalized_symtab (bfd *abfd)
raw_src < raw_end;
raw_src += symesz, internal_ptr++)
{
-
unsigned int i;
+
bfd_coff_swap_sym_in (abfd, (void *) raw_src,
(void *) & internal_ptr->u.syment);
symbol_ptr = internal_ptr;
@@ -1777,6 +1777,10 @@ coff_get_normalized_symtab (bfd *abfd)
i++)
{
internal_ptr++;
+ /* PR 17512: Prevent buffer overrun. */
+ if (internal_ptr >= internal_end)
+ return NULL;
+
raw_src += symesz;
bfd_coff_swap_aux_in (abfd, (void *) raw_src,
symbol_ptr->u.syment.n_type,
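Review bot: The added guard `if (internal_ptr >= internal_end) return NULL;` fails without recording a BFD error, so as far as this hunk shows a caller learns that the symbol table was rejected but not why; consider `bfd_set_error (bfd_error_bad_value);` before the `return NULL;`. The check also runs once per auxiliary entry, after `internal_ptr` has already been advanced. Comparing the symbol's auxiliary-entry count with the entries remaining before entering the loop would reject the malformed symbol up front, though the loop header lies outside this hunk, so that is inferred. The comment could name what is guarded, for example `/* PR 17512: the aux entry count comes from the file and may exceed the entries left in the table.  */`. The following `raw_src += symesz` read is only covered by this check if `raw_src` advances in lockstep with `internal_ptr`, which the visible lines suggest but do not establish.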