author | Nick Clifton <nickc@redhat.com> | 2015-01-27 15:49:12 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2015-01-27 15:49:12 +0000 |
commit | 877a8638ba563c667eb5358240334c473d0573a1 (patch) | |
tree | 0482b9e22730c1b0a323a3af2d34c4e1a7a2db49 | |
parent | 37e3922eed415bbedd2dd6e46308fe9e03417770 (diff) | |
Fixes for memory access violations triggered by running addr2line on fuzzed binaries.
PR binutils/17512
* addr2line.c (slurp_symtab): If the symcount is zero, free the
symbol table pointer.
* dwarf2.c (concat_filename): Check for an empty directory table.
(scan_unit_for_symbols): Check for reading off the end of the
unit.
(parse_comp_unit): Check for a DW_AT_comp_dir attribute with a
non-string form.
* elf64-ppc.c (opd_entry_value): Fail if there are no relocs
available.
-rw-r--r-- | bfd/ChangeLog | 8 | ||||
-rw-r--r-- | bfd/dwarf2.c | 17 | ||||
-rw-r--r-- | bfd/elf64-ppc.c | 3 | ||||
-rw-r--r-- | binutils/ChangeLog | 3 | ||||
-rw-r--r-- | binutils/addr2line.c | 8 |
5 files changed, 38 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 1b14297..9abbccd 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -4,6 +4,14 @@ * pdp11.c (aout_get_external_symbols): Return false if there are no symbols. + * dwarf2.c (concat_filename): Check for an empty directory table. + (scan_unit_for_symbols): Check for reading off the end of the + unit. + (parse_comp_unit): Check for a DW_AT_comp_dir attribute with a + non-string form. + * elf64-ppc.c (opd_entry_value): Fail if there are no relocs + available. + 2015-01-26 Kuan-Lin Chen <kuanlinchentw@gmail.com> * elf32-nds32.c (nds32_elf_pick_relax): Fix again setting. diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c index 118092c..ccc1365 100644 --- a/bfd/dwarf2.c +++ b/bfd/dwarf2.c @@ -1387,7 +1387,9 @@ concat_filename (struct line_info_table *table, unsigned int file) char *name; size_t len; - if (table->files[file - 1].dir) + if (table->files[file - 1].dir + /* PR 17512: file: 7f3d2e4b. */ + && table->dirs != NULL) subdir_name = table->dirs[table->files[file - 1].dir - 1]; if (!subdir_name || !IS_ABSOLUTE_PATH (subdir_name)) @@ -2340,6 +2342,10 @@ scan_unit_for_symbols (struct comp_unit *unit) bfd_vma high_pc = 0; bfd_boolean high_pc_relative = FALSE; + /* PR 17512: file: 9f405d9d. */ + if (info_ptr >= unit->stash->info_ptr_end) + goto fail; + abbrev_number = read_unsigned_leb128 (abfd, info_ptr, &bytes_read); info_ptr += bytes_read; @@ -2721,6 +2727,15 @@ parse_comp_unit (struct dwarf2_debug *stash, case DW_AT_comp_dir: { char *comp_dir = attr.u.str; + + /* PR 17512: file: 1fe726be. */ + if (! is_str_attr (attr.form)) + { + (*_bfd_error_handler) + (_("Dwarf Error: DW_AT_comp_dir attribute encountered with a non-string form.")); + comp_dir = NULL; + } + if (comp_dir) { /* Irix 6.2 native cc prepends <machine>.: to the compilation diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c index 5a1ee50..8c7c3b7 100644 --- a/bfd/elf64-ppc.c +++ b/bfd/elf64-ppc.c 
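Review bot: In concat_filename, the added `table->dirs != NULL` test stops the NULL dereference, but the index `table->files[file - 1].dir - 1` is still used with no upper bound. A file entry that names a directory past the end of the table would read beyond `table->dirs`. If the table records its directory count (`num_dirs` in `struct line_info_table`, declared outside this hunk), the condition should also carry `&& table->files[file - 1].dir <= table->num_dirs`. The function starts and ends outside the hunk, so whether `file` itself is range-checked before this line cannot be confirmed from here.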
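Review bot: In scan_unit_for_symbols, the new guard compares `info_ptr` with `unit->stash->info_ptr_end`, which by its name appears to be the end of the stash's whole info buffer rather than of this unit, while the ChangeLog entry speaks of "the end of the unit". A unit that is truncated but followed by more data would then still be parsed into its neighbour. If the unit keeps its own limit (`unit->end_ptr`, declared outside the hunk), `if (info_ptr >= unit->end_ptr) goto fail;` is the tighter test. The call `read_unsigned_leb128 (abfd, info_ptr, &bytes_read)` also takes no end pointer, so a value whose continuation bits run up to the last byte can still read past the limit after the guard has passed. The enclosing loop lies outside the hunk.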
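Review bot: In the DW_AT_comp_dir case of parse_comp_unit, `char *comp_dir = attr.u.str;` still reads the string member of the union before the form is validated, so for a non-string form the variable briefly holds another member's bits reinterpreted as a pointer. It reads more safely to initialise from the check, `char *comp_dir = is_str_attr (attr.form) ? attr.u.str : NULL;`, and keep the error call under `if (! is_str_attr (attr.form))`. Other cases of this switch that take `attr.u.str` are outside the hunk and presumably need the same form check; that should be confirmed against the full function.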
@@ -5978,6 +5978,9 @@ opd_entry_value (asection *opd_sec, relocs = ppc64_elf_tdata (opd_bfd)->opd.relocs; if (relocs == NULL) relocs = _bfd_elf_link_read_relocs (opd_bfd, opd_sec, NULL, NULL, TRUE); + /* PR 17512: file: df8e1fd6. */ + if (relocs == NULL) + return (bfd_vma) -1; /* Go find the opd reloc at the sym address. */ lo = relocs; diff --git a/binutils/ChangeLog b/binutils/ChangeLog index a017c64..53ec072 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -4,6 +4,9 @@ * dlltool.c (identify_search_archive): If the last archive was the same as the current archive, terminate the loop. + * addr2line.c (slurp_symtab): If the symcount is zero, free the + symbol table pointer. + 2015-01-23 Nick Clifton <nickc@redhat.com> * nlmconv.c (powerpc_mangle_relocs): Fix build errors introduced diff --git a/binutils/addr2line.c b/binutils/addr2line.c index d37145e..e121c74 100644 --- a/binutils/addr2line.c +++ b/binutils/addr2line.c @@ -140,6 +140,14 @@ slurp_symtab (bfd *abfd) syms = xmalloc (storage); symcount = bfd_canonicalize_dynamic_symtab (abfd, syms); } + + /* PR 17512: file: 2a1d3b5b. + Do not pretend that we have some symbols when we don't. */ + if (symcount <= 0) + { + free (syms); + syms = NULL; + } } /* These global variables are used to pass information between |
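Review bot: The comment added in opd_entry_value, `/* PR 17512: file: df8e1fd6. */`, names a fuzzer test case but not the reason for the early return, and the `(bfd_vma) -1` result is not described as the failure value at this point. A comment such as `/* No relocs could be read for the .opd section; report failure rather than searching a NULL array below. */` would carry the intent once the PR is no longer at hand. Every caller must compare the result with `(bfd_vma) -1` before using it as an address; the callers and the rest of the function are outside the hunk, so that needs checking there.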
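Review bot: In slurp_symtab, the new `if (symcount <= 0)` block treats a negative count, which is how the canonicalize calls report an error, the same as an empty table and drops it silently. It would help to report the error case first, for example `if (symcount < 0) bfd_nonfatal (bfd_get_filename (abfd));`, before freeing, so a corrupt symbol table is distinguishable from a stripped binary. After this change the global `syms` can be NULL on return, so every later use of it has to tolerate that. Those uses, and any error check after the first canonicalize call, are outside the hunk.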