author | Nick Clifton <nickc@redhat.com> | 2019-01-25 13:16:06 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2019-01-25 13:16:06 +0000 |
commit | 183445093ebd6be285e29f75b877e62a723918c6 (patch) | |
tree | e2cded412b9707f6f31ad6f88cc697a54d1ee6fc | |
parent | 9ed1348c2008f54368f0fd989a0bf2de8b93329a (diff) | |
Prevent a potential illegal memory access in readelf when parsing a note with a zero name size.
PR 24131
* readelf.c (process_notes_at): Prevent an illegal memory access
when the note's namesize is zero.
(decode_tic6x_unwind_bytecode): Add code to handle the case where
no registers are specified in a frame pop instruction.
-rw-r--r-- | binutils/ChangeLog | 8 | ||||
-rw-r--r-- | binutils/readelf.c | 33 |
2 files changed, 28 insertions, 13 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 7653019..a5f9bde 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,13 @@
 2019-01-25 Nick Clifton <nickc@redhat.com>
+ PR 24131
+ * readelf.c (process_notes_at): Prevent an illegal memory access
+ when the note's namesize is zero.
+ (decode_tic6x_unwind_bytecode): Add code to handle the case where
+ no registers are specified in a frame pop instruction.
+
+2019-01-25 Nick Clifton <nickc@redhat.com>
+
 * po/bg.po: Updated Bulgarian translation.
 2019-01-23 Nick Clifton <nickc@redhat.com>
diff --git a/binutils/readelf.c b/binutils/readelf.c
index b13eb6a..77acc6a 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -8852,21 +8852,28 @@ decode_tic6x_unwind_bytecode (Filedata * filedata,
 }
 printf (_("pop frame {"));
- reg = nregs - 1;
- for (i = i * 2; i > 0; i--)
+ if (nregs == 0)
 {
- if (regpos[reg].offset == i - 1)
+ printf (_("*corrupt* - no registers specified"));
+ }
+ else
+ {
+ reg = nregs - 1;
+ for (i = i * 2; i > 0; i--)
 {
- name = tic6x_unwind_regnames[regpos[reg].reg];
- if (reg > 0)
- reg--;
- }
- else
- name = _("[pad]");
+ if (regpos[reg].offset == i - 1)
+ {
+ name = tic6x_unwind_regnames[regpos[reg].reg];
+ if (reg > 0)
+ reg--;
+ }
+ else
+ name = _("[pad]");
- fputs (name, stdout);
- if (i > 1)
- printf (", ");
+ fputs (name, stdout);
+ if (i > 1)
+ printf (", ");
+ }
 }
 printf ("}");
@@ -18741,7 +18748,7 @@ process_notes_at (Filedata * filedata,
 one version of Linux (RedHat 6.0) generates corefiles that don't comply with the ELF spec by failing to include the null byte in namesz. */
- if (inote.namedata[inote.namesz - 1] != '\0')
+ if (inote.namesz > 0 && inote.namedata[inote.namesz - 1] != '\0')
 {
 if ((size_t) (inote.descdata - inote.namedata) == inote.namesz)
 { |
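Review bot: The new `if (nregs == 0)` guard in decode_tic6x_unwind_bytecode carries no comment saying what it protects against, and the reason is not obvious from the branch itself. Without the guard, `reg = nregs - 1` is not a valid index, so the loop can read `regpos[reg].offset` outside the populated entries. I would add `/* With no registers, reg = nregs - 1 is not a valid index into regpos.  */` above the check. The function starts and ends outside this hunk, so how nregs and i are derived from the unwind data cannot be confirmed here. The remaining `tic6x_unwind_regnames[regpos[reg].reg]` lookup relies on that earlier code keeping `.reg` within the name table.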
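Review bot: With `inote.namesz > 0 &&` in front, a note whose namesz is zero now skips the NUL-termination check in process_notes_at altogether, so nothing in this hunk establishes that `inote.namedata` is safe to treat as a string in that case. The guard itself is right, since `inote.namesz - 1` has no valid byte to index when the size is zero. I would extend the existing comment with `A zero namesz has no final byte to test; such a name must not be read as a string.` The code that consumes the note is outside this hunk; it is worth confirming that it handles the empty name by length instead of scanning for a terminator.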