diff options
author | Nick Clifton <nickc@redhat.com> | 2014-12-01 16:43:46 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2014-12-01 16:43:46 +0000 |
commit | 06614111d1be94b43ea8dd83805184d4e177bcea (patch) | |
tree | 7b83dc3944a96259e83bf4c949b237404f02c5bb /bfd/ChangeLog | |
parent | 30b5e341f3bcb219718ad32cd0065670fd37e637 (diff) | |
download | gdb-06614111d1be94b43ea8dd83805184d4e177bcea.zip gdb-06614111d1be94b43ea8dd83805184d4e177bcea.tar.gz gdb-06614111d1be94b43ea8dd83805184d4e177bcea.tar.bz2 |
More fixes for memory access violations exposed by fuzzed binaries.
PR binutils/17512
* dwarf.h (struct dwarf_section): Add user_data field.
* dwarf.c (frame_need_space): Check for an over large register
number.
(display_debug_frames): Check the return value from
frame_need_space. Check for a CFA expression that is so long the
start address wraps around.
(debug_displays): Initialise the user_data field.
* objdump.c (load_specific_debug_section): Save the BFD section
pointer in the user_data field of the dwarf_section structure.
(free_debug_section): Update BFD section data when freeing section
contents.
* readelf.c (load_specific_debug_section): Initialise the
user_data field.
* archive.c (do_slurp_coff_armap): Add range checks to prevent
running off the end of the string table.
* compress.c (bfd_get_full_section_contents): Return a NULL
pointer for zero sized sections. Do not attempt to copy a buffer
onto itself.
* elf-attrs.c (_bfd_elf_parse_attributes): Check for an empty
header. Add range checks to avoid running off the end of the
section.
* elf.c (bfd_elf_get_str_section): Seek before allocating so that
if the seek fails, no memory is allocated.
(bfd_elf_string_from_elf_section): Do not allocate a string from a
non string section. It only leads to trouble later on.
(_bfd_elf_print_private_bfd_data): Check for there being too
little external dynamic data.
(bfd_section_from_shdr): Replace assertion with a failure mode.
(bfd_section_from_shdr): When walking a loaded group section use
the internal structure size, not the external size. Check for the
group section being empty.
* elf32-i386.c (elf_i386_rtype_to_howto): Replace assertion with a
failure mode.
* elfcode.h (elf_slurp_reloc_table): Likewise.
* reloc.c (bfd_perform_relocation): Avoid seg-fault if the howto
parameter is NULL.
Diffstat (limited to 'bfd/ChangeLog')
-rw-r--r-- | bfd/ChangeLog | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 8bcbc11..0489b79 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,30 @@ +2014-12-01 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * archive.c (do_slurp_coff_armap): Add range checks to prevent + running off the end of the string table. + * compress.c (bfd_get_full_section_contents): Return a NULL + pointer for zero sized sections. Do not attempt to copy a buffer + onto itself. + * elf-attrs.c (_bfd_elf_parse_attributes): Check for an empty + header. Add range checks to avoid running off the end of the + section. + * elf.c (bfd_elf_get_str_section): Seek before allocating so that + if the seek fails, no memory is allocated. + (bfd_elf_string_from_elf_section): Do not allocate a string from a + non string section. It only leads to trouble later on. + (_bfd_elf_print_private_bfd_data): Check for there being too + little external dynamic data. + (bfd_section_from_shdr): Replace assertion with a failure mode. + (bfd_section_from_shdr): When walking a loaded group section use + the internal structure size, not the external size. Check for the + group section being empty. + * elf32-i386.c (elf_i386_rtype_to_howto): Replace assertion with a + failure mode. + * elfcode.h (elf_slurp_reloc_table): Likewise. + * reloc.c (bfd_perform_relocation): Avoid seg-fault if the howto + parameter is NULL. + 2014-11-30 Alan Modra <amodra@gmail.com> PR 16452, 16457 |