authorNick Clifton <nickc@redhat.com>2019-01-25 13:16:06 +0000
committerNick Clifton <nickc@redhat.com>2019-01-25 13:16:06 +0000
commit183445093ebd6be285e29f75b877e62a723918c6 (patch)
treee2cded412b9707f6f31ad6f88cc697a54d1ee6fc
parent9ed1348c2008f54368f0fd989a0bf2de8b93329a (diff)
Prevent a potential illegal memory access in readelf when parsing a note with a zero name size.
PR 24131 * readelf.c (process_notes_at): Prevent an illegal memory access when the note's namesize is zero. (decode_tic6x_unwind_bytecode): Add code to handle the case where no registers are specified in a frame pop instruction.
-rw-r--r--binutils/ChangeLog8
-rw-r--r--binutils/readelf.c33
2 files changed, 28 insertions, 13 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 7653019..a5f9bde 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,13 @@
2019-01-25 Nick Clifton <nickc@redhat.com>
+ PR 24131
+ * readelf.c (process_notes_at): Prevent an illegal memory access
+ when the note's namesize is zero.
+ (decode_tic6x_unwind_bytecode): Add code to handle the case where
+ no registers are specified in a frame pop instruction.
+
+2019-01-25 Nick Clifton <nickc@redhat.com>
+
* po/bg.po: Updated Bulgarian translation.
2019-01-23 Nick Clifton <nickc@redhat.com>
diff --git a/binutils/readelf.c b/binutils/readelf.c
index b13eb6a..77acc6a 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -8852,21 +8852,28 @@ decode_tic6x_unwind_bytecode (Filedata * filedata,
}
printf (_("pop frame {"));
- reg = nregs - 1;
- for (i = i * 2; i > 0; i--)
+ if (nregs == 0)
{
- if (regpos[reg].offset == i - 1)
+ printf (_("*corrupt* - no registers specified"));
+ }
+ else
+ {
+ reg = nregs - 1;
+ for (i = i * 2; i > 0; i--)
{
- name = tic6x_unwind_regnames[regpos[reg].reg];
- if (reg > 0)
- reg--;
- }
- else
- name = _("[pad]");
+ if (regpos[reg].offset == i - 1)
+ {
+ name = tic6x_unwind_regnames[regpos[reg].reg];
+ if (reg > 0)
+ reg--;
+ }
+ else
+ name = _("[pad]");
- fputs (name, stdout);
- if (i > 1)
- printf (", ");
+ fputs (name, stdout);
+ if (i > 1)
+ printf (", ");
+ }
}
printf ("}");
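Review bot: The new `nregs == 0` branch carries no comment saying what it protects against, so the reason for the extra nesting is easy to lose in a later cleanup. With no registers recorded, `reg = nregs - 1` does not name a valid entry, and the loop's `regpos[reg].offset` read would fall outside the populated part of `regpos` (presumably outside the array itself, though its declaration is not in the hunk). I would add `/* PR 24131: with no registers recorded, regpos[nregs - 1] is not a valid entry. */` above the `if`. The corrupt case is also reported only inline on stdout; if the file's usual `warn ()` helper is in scope here, calling it as well would surface the malformed input on stderr. decode_tic6x_unwind_bytecode starts and ends outside the hunk, and the starting value of `i` is set there.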
@@ -18741,7 +18748,7 @@ process_notes_at (Filedata * filedata,
one version of Linux (RedHat 6.0) generates corefiles that don't
comply with the ELF spec by failing to include the null byte in
namesz. */
- if (inote.namedata[inote.namesz - 1] != '\0')
+ if (inote.namesz > 0 && inote.namedata[inote.namesz - 1] != '\0')
{
if ((size_t) (inote.descdata - inote.namedata) == inote.namesz)
{
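Review bot: The comment above this test still describes only the missing-NUL case, so the added `inote.namesz > 0` term is unexplained; without it, `inote.namedata[inote.namesz - 1]` reads the byte before the name when namesz is zero. I would extend the comment with `A zero namesz means the note has no name; skip the check, since namedata[namesz - 1] would index before the name.` The guard covers only the lower bound: that `namedata + namesz` stays inside the note buffer has to be established earlier in process_notes_at, which is not visible in this hunk. The function's body starts and ends outside the hunk.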