author | Keith Seitz <keiths@redhat.com> | 2014-12-11 09:39:24 -0800 |
---|---|---|
committer | Keith Seitz <keiths@redhat.com> | 2014-12-11 09:39:24 -0800 |
commit | 8acbedd60e1045bf8d37b29ddd25c2c8b6a302a9 (patch) | |
tree | b516494013526189e636fc8a4eb306a0c6af029e /bfd/ChangeLog | |
parent | 540feddfde2c93f242e6f54be5feb641f263c5f3 (diff) | |
This commit causes hundreds of core file regressions in gdb:

    commit f64e188b58f4aab4cbd03aa6e9fc1aa602546e26
    Author: Nick Clifton <nickc@redhat.com>
    Date: Tue Dec 9 12:42:18 2014 +0000

    More fixes for memory access violations triggered by fuzzed binaries.
    [snip]
    * elf.c (elf_parse_notes): Check that the namedata is long enough
    for the string comparison that is about to be performed.
    (elf_read_notes): Zero-terminate the note buffer.

This change to elf_parse_notes is the culprit:

+ for (i = ARRAY_SIZE (grokers); i--;)
+ if (in.namesz >= sizeof grokers[i].string - 1
+ && strncmp (in.namedata, grokers[i].string,
+ sizeof (grokers[i].string) - 1) == 0)

Note how this applies sizeof to grokers[i].string...

bfd/ChangeLog

    * elf.c (elf_parse_notes): Define convenience macro
    GROKER_ELEMENT to add elements to 'grokers'.
    Use grokers.len instead of sizeof in string comparisons.

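
The sizeof pitfall the commit message points at, as an added C example that is not code from bfd/elf.c. It assumes the `string` member is a `const char *`; the table contents, the `match_sizeof` and `match_len` names and the macro's spelling are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout: the name is reached through a pointer member. */
struct groker { const char *string; size_t len; };

/* Hypothetical spelling of the macro the ChangeLog names: sizeof on the
   literal itself is its array size, so minus 1 gives the string length. */
#define GROKER_ELEMENT(S) { S, sizeof (S) - 1 }
#define ARRAY_SIZE(a) (sizeof (a) / sizeof ((a)[0]))

/* Constructed sample table, not the real list in bfd/elf.c. */
static const struct groker grokers[] = {
    GROKER_ELEMENT("NetBSD-CORE"), GROKER_ELEMENT("QNX"), GROKER_ELEMENT("CORE"),
};

/* Check as quoted in the commit message: n is sizeof(pointer) - 1
   (7 on LP64) for every entry, whatever the string is. */
static int match_sizeof(const char *namedata, size_t namesz)
{
    size_t i, n;
    for (i = ARRAY_SIZE(grokers); i--;) {
        n = sizeof grokers[i].string - 1;
        if (namesz >= n && strncmp(namedata, grokers[i].string, n) == 0)
            return (int) i;
    }
    return -1;
}

/* Same loop using the per-entry length stored in the table. */
static int match_len(const char *namedata, size_t namesz)
{
    size_t i;
    for (i = ARRAY_SIZE(grokers); i--;)
        if (namesz >= grokers[i].len
            && strncmp(namedata, grokers[i].string, grokers[i].len) == 0)
            return (int) i;
    return -1;
}

int main(void)
{
    /* namesz counts the terminating NUL, as in an ELF note header. */
    printf("CORE:        sizeof=%d len=%d\n",
           match_sizeof("CORE", 5), match_len("CORE", 5));
    printf("NetBSD-XXXX: sizeof=%d len=%d\n",
           match_sizeof("NetBSD-XXXX", 12), match_len("NetBSD-XXXX", 12));
    return 0;
}
```

With 8-byte pointers the sizeof form rejects the 5-byte name "CORE" outright and accepts any name that shares the first 7 bytes of "NetBSD-CORE"; the per-entry length avoids both.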
Diffstat (limited to 'bfd/ChangeLog')
-rw-r--r-- | bfd/ChangeLog | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 76e382e..9443507 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,11 @@ +2014-12-11 Keith Seitz <keiths@redhat.com> + + * elf.c (elf_parse_notes): Define convenience macro + GROKER_ELEMENT to add elements to 'grokers' array. + Add 'len' element to 'grokers'. + Use grokers.len instead of sizeof in string + comparisons. + 2014-12-10 Alan Modra <amodra@gmail.com> * Makefile.am (BFD32_LIBS, BFD32_LIBS_CFILES): Remove dwarf2 |
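Review bot: the ChangeLog entry added here does not match the bfd/ChangeLog text in the commit message, which has no "Add 'len' element to 'grokers'." line and says 'grokers' where this entry says 'grokers' array; make the two agree so the log message and the file record the same change. The entry also names grokers.len without saying whether it excludes the terminating NUL, which the quoted comparison handled through its "- 1"; stating that in the entry or beside the GROKER_ELEMENT macro in elf.c would help the next reader. Only bfd/ChangeLog is shown in this view, so the elf.c change itself cannot be checked from these lines.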