aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Modra <amodra@gmail.com>2023-08-22 21:13:41 +0930
committerAlan Modra <amodra@gmail.com>2023-08-23 10:07:45 +0930
commit8c8145a43ee4815b8851f8da7091c04f551dff6e (patch)
treeba368cb19bfdeb00b9a51e22dd01edafc0ca5859
parente2ce77cd639c86ce89b10ee70e73bd09670e0111 (diff)
downloadgdb-8c8145a43ee4815b8851f8da7091c04f551dff6e.zip
gdb-8c8145a43ee4815b8851f8da7091c04f551dff6e.tar.gz
gdb-8c8145a43ee4815b8851f8da7091c04f551dff6e.tar.bz2
bfd_get_symbol_leading_char vs. ""
Some places matching the first char of a string against bfd_get_symbol_leading_char, which may be zero, didn't check for the string being "". This patch adds the check to stop accesses past the end of the string and potential buffer overruns. The dlltool one was found by oss-fuzz quite a while ago. bfd/ * cofflink.c (_bfd_coff_link_input_bfd): Ensure a zero bfd_get_symbol_leading_char doesn't lead to accessing past the zero string terminator. * linker.c (bfd_wrapped_link_hash_lookup): Likewise. (unwrap_hash_lookup): Likewise. binutils/ * dlltool.c (scan_filtered_symbols): Ensure a zero bfd_get_symbol_leading_char doesn't lead to accessing past the zero string terminator.
-rw-r--r--bfd/cofflink.c3
-rw-r--r--bfd/linker.c9
-rw-r--r--binutils/dlltool.c3
3 files changed, 10 insertions, 5 deletions
diff --git a/bfd/cofflink.c b/bfd/cofflink.c
index aea5c4c..221f6e8 100644
--- a/bfd/cofflink.c
+++ b/bfd/cofflink.c
@@ -1618,7 +1618,8 @@ _bfd_coff_link_input_bfd (struct coff_final_link_info *flaginfo, bfd *input_bfd)
/* Ignore fake names invented by compiler; treat them all as
the same name. */
if (*name == '~' || *name == '.' || *name == '$'
- || (*name == bfd_get_symbol_leading_char (input_bfd)
+ || (*name
+ && *name == bfd_get_symbol_leading_char (input_bfd)
&& (name[1] == '~' || name[1] == '.' || name[1] == '$')))
name = "";
diff --git a/bfd/linker.c b/bfd/linker.c
index 0f4f9a1..28fffc3 100644
--- a/bfd/linker.c
+++ b/bfd/linker.c
@@ -544,7 +544,9 @@ bfd_wrapped_link_hash_lookup (bfd *abfd,
char prefix = '\0';
l = string;
- if (*l == bfd_get_symbol_leading_char (abfd) || *l == info->wrap_char)
+ if (*l
+ && (*l == bfd_get_symbol_leading_char (abfd)
+ || *l == info->wrap_char))
{
prefix = *l;
++l;
@@ -621,8 +623,9 @@ unwrap_hash_lookup (struct bfd_link_info *info,
{
const char *l = h->root.string;
- if (*l == bfd_get_symbol_leading_char (input_bfd)
- || *l == info->wrap_char)
+ if (*l
+ && (*l == bfd_get_symbol_leading_char (input_bfd)
+ || *l == info->wrap_char))
++l;
if (startswith (l, WRAP))
diff --git a/binutils/dlltool.c b/binutils/dlltool.c
index 085d4c2..6d63e11 100644
--- a/binutils/dlltool.c
+++ b/binutils/dlltool.c
@@ -1500,7 +1500,8 @@ scan_filtered_symbols (bfd *abfd, void *minisyms, long symcount,
bfd_fatal (bfd_get_filename (abfd));
symbol_name = bfd_asymbol_name (sym);
- if (bfd_get_symbol_leading_char (abfd) == symbol_name[0])
+ if (*symbol_name
+ && *symbol_name == bfd_get_symbol_leading_char (abfd))
++symbol_name;
def_exports (xstrdup (symbol_name) , 0, -1, 0, 0,