author | Nick Clifton <nickc@redhat.com> | 2014-11-11 15:34:27 +0000 |
committer | Nick Clifton <nickc@redhat.com> | 2014-11-11 15:34:27 +0000 |
commit | 201159ecec7e17600df4153e5d4e7a145f0c7cfe (patch) | |
tree | 328d0499e8bedc423bb8907ad53e30f7647f2df1 /bfd/coffcode.h | |
parent | 015de6884f6fdebaffd4b7d4c7f14fb4d5fc0bb1 (diff) | |
More fixes for invalid memory accesses, uncovered by valgrind and binary fuzzers.
PR binutils/17512
* coffcode.h (coff_slurp_line_table): Initialise the parts of the
line number cache that would not be initialised by the copy from
the new line number table.
(coff_classify_symbol): Allow for _bfd_coff_internal_syment_name
returning NULL.
* coffgen.c (coff_get_normalized_symbols): Get the external
symbols before allocating space for the internal symbols, in case
the get fails.
* elf.c (_bfd_elf_slurp_version_tables): Only allocate a verref
array if one is needed. Likewise with the verdef array.
* peXXigen.c (_bfd_XXi_swap_sym_in): Replace abort()'s with error
messages.
(_bfd_XXi_swap_aux_in): Make sure that all fields of the aux
structure are initialised.
(pe_print_edata): Avoid reading off the end of the data buffer.
Diffstat (limited to 'bfd/coffcode.h')
-rw-r--r-- | bfd/coffcode.h | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/bfd/coffcode.h b/bfd/coffcode.h
index f10654e..4bc80bd 100644
--- a/bfd/coffcode.h
+++ b/bfd/coffcode.h
@@ -4453,11 +4453,11 @@ buy_and_read (bfd *abfd, file_ptr where, bfd_size_type size)
   void * area = bfd_alloc (abfd, size);
 
   if (!area)
-    return (NULL);
+    return NULL;
   if (bfd_seek (abfd, where, SEEK_SET) != 0
       || bfd_bread (area, size, abfd) != size)
-    return (NULL);
-  return (area);
+    return NULL;
+  return area;
 }
 
 /*
@@ -4637,13 +4637,20 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
           /* PR binutils/17512: Point the lineno to where this entry will be
              after the memcpy below.  */
           sym->lineno = lineno_cache + (n_cache_ptr - n_lineno_cache);
-
           /* Copy the function and line number entries.  */
           do
             *n_cache_ptr++ = *old_ptr++;
           while (old_ptr->line_number != 0);
         }
-      memcpy (lineno_cache, n_lineno_cache, amt);
+      /* PR 17521: file: 078-10659-0.004.  */
+      if (n_cache_ptr < n_lineno_cache + asect->lineno_count)
+        {
+          amt = n_cache_ptr - n_lineno_cache;
+          memcpy (lineno_cache, n_lineno_cache, amt * sizeof (alent));
+          memset (lineno_cache + amt, 0, (asect->lineno_count - amt) * sizeof (alent));
+        }
+      else
+        memcpy (lineno_cache, n_lineno_cache, amt);
     }
   bfd_release (abfd, func_table);
 }
@@ -5074,13 +5081,13 @@ coff_classify_symbol (bfd *abfd,
   if (syment->n_value == 0)
     {
       asection *sec;
-      char buf[SYMNMLEN + 1];
-
-      sec = coff_section_from_bfd_index (abfd, syment->n_scnum);
-      if (sec != NULL
-          && (strcmp (bfd_get_section_name (abfd, sec),
-                      _bfd_coff_internal_syment_name (abfd, syment, buf))
-              == 0))
+      char * name;
+      char buf[SYMNMLEN + 1];
+
+      name = _bfd_coff_internal_syment_name (abfd, syment, buf)
+      sec = coff_section_from_bfd_index (abfd, syment->n_scnum);
+      if (sec != NULL && name != NULL
+          && (strcmp (bfd_get_section_name (abfd, sec), name) == 0))
         return COFF_SYMBOL_PE_SECTION;
     }
 #endif
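Review bot: In the new `if` branch of coff_slurp_line_table, `amt` is reassigned to an entry count (`n_cache_ptr - n_lineno_cache`) while in the `else` branch, and on the removed line it replaces, the same variable is a byte size passed straight to memcpy; carrying two units in one variable across adjacent lines invites a later misuse, so a separate local such as `bfd_size_type used = n_cache_ptr - n_lineno_cache;` would keep `amt` meaning bytes and make the `memset` bound read naturally. The added comment `/* PR 17521: file: 078-10659-0.004.  */` cites a different PR number than the ChangeLog text above (PR binutils/17512); worth confirming which one is intended. The `<` test sends the case where `n_cache_ptr` already ran past `n_lineno_cache + lineno_count` to the `else` branch, which would then copy `amt` bytes of an overrun buffer; whether the do/while above can overrun depends on the table's terminating entry, which is outside this hunk. coff_slurp_line_table starts before this hunk.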
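Review bot: The added line `name = _bfd_coff_internal_syment_name (abfd, syment, buf)` in coff_classify_symbol has no terminating semicolon, so the conditional block it sits in will not compile as written; it should read `name = _bfd_coff_internal_syment_name (abfd, syment, buf);`. `name` is declared `char * name;` but is only ever passed to strcmp; if `_bfd_coff_internal_syment_name` returns `const char *` (its declaration is outside this hunk), `const char *name;` avoids discarding the qualifier. coff_classify_symbol begins before this hunk and the preprocessor conditional closed by the trailing `#endif` also opens outside it.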