authorNick Clifton <nickc@redhat.com>2014-12-01 16:43:46 +0000
committerNick Clifton <nickc@redhat.com>2014-12-01 16:43:46 +0000
commit06614111d1be94b43ea8dd83805184d4e177bcea (patch)
tree7b83dc3944a96259e83bf4c949b237404f02c5bb /bfd/compress.c
parent30b5e341f3bcb219718ad32cd0065670fd37e637 (diff)
More fixes for memory access violations exposed by fuzzed binaries.
PR binutils/17512 * dwarf.h (struct dwarf_section): Add user_data field. * dwarf.c (frame_need_space): Check for an over large register number. (display_debug_frames): Check the return value from frame_need_space. Check for a CFA expression that is so long the start address wraps around. (debug_displays): Initialise the user_data field. * objdump.c (load_specific_debug_section): Save the BFD section pointer in the user_data field of the dwarf_section structure. (free_debug_section): Update BFD section data when freeing section contents. * readelf.c (load_specific_debug_section): Initialise the user_data field. * archive.c (do_slurp_coff_armap): Add range checks to prevent running off the end of the string table. * compress.c (bfd_get_full_section_contents): Return a NULL pointer for zero sized sections. Do not attempt to copy a buffer onto itself. * elf-attrs.c (_bfd_elf_parse_attributes): Check for an empty header. Add range checks to avoid running off the end of the section. * elf.c (bfd_elf_get_str_section): Seek before allocating so that if the seek fails, no memory is allocated. (bfd_elf_string_from_elf_section): Do not allocate a string from a non string section. It only leads to trouble later on. (_bfd_elf_print_private_bfd_data): Check for there being too little external dynamic data. (bfd_section_from_shdr): Replace assertion with a failure mode. (bfd_section_from_shdr): When walking a loaded group section use the internal structure size, not the external size. Check for the group section being empty. * elf32-i386.c (elf_i386_rtype_to_howto): Replace assertion with a failure mode. * elfcode.h (elf_slurp_reloc_table): Likewise. * reloc.c (bfd_perform_relocation): Avoid seg-fault if the howto parameter is NULL.
Diffstat (limited to 'bfd/compress.c')
-rw-r--r--bfd/compress.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/bfd/compress.c b/bfd/compress.c
index 20eef95..3fcbd78 100644
--- a/bfd/compress.c
+++ b/bfd/compress.c
@@ -152,7 +152,8 @@ DESCRIPTION
return @var{*ptr} with memory malloc'd by this function.
Return @code{TRUE} if the full section contents is retrieved
- successfully.
+ successfully. If the section has no contents then this function
+ returns @code{TRUE} but @var{*ptr} is set to NULL.
*/
bfd_boolean
@@ -172,7 +173,10 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
else
sz = sec->size;
if (sz == 0)
- return TRUE;
+ {
+ *ptr = NULL;
+ return TRUE;
+ }
switch (sec->compress_status)
{
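Review bot: The new `*ptr = NULL;` in the `sz == 0` branch overwrites whatever the caller passed in, and the `if (*ptr != p)` test visible further down suggests callers may supply their own buffer. A caller whose only reference to a malloc'd buffer is `*ptr` would lose it here, and a caller that treats a TRUE return as "`*ptr` is readable" now gets a NULL pointer to dereference. I would say so at the assignment, e.g. `/* No contents: *ptr is cleared; a caller-supplied buffer is not freed here. */`, and confirm that callers test `*ptr` as well as the return value. The function body starts before and continues after this hunk, so how `p` is derived from `*ptr` is not visible.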
@@ -183,6 +187,7 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
if (p == NULL)
return FALSE;
}
+
if (!bfd_get_section_contents (abfd, sec, p, 0, sz))
{
if (*ptr != p)
@@ -246,7 +251,9 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
return FALSE;
*ptr = p;
}
- memcpy (p, sec->contents, sz);
+ /* PR 17512; file: 5bc29788. */
+ if (p != sec->contents)
+ memcpy (p, sec->contents, sz);
return TRUE;
default:
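Review bot: The `p != sec->contents` guard before `memcpy` covers only the case where the two pointers are identical. If a caller-supplied buffer could partially overlap `sec->contents` (not determinable from this hunk), the copy is still undefined behaviour. `memmove (p, sec->contents, sz);` would handle both cases without the branch. The comment `/* PR 17512; file: 5bc29788. */` names the report but not the reason; a line such as `/* Do not copy the buffer onto itself. */` would tell the next reader why the test exists. The enclosing switch case begins outside the hunk.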