diff options
| author | Nick Clifton <nickc@redhat.com> | 2015-02-12 16:45:11 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2015-02-12 16:45:11 +0000 |
| commit | dbb3fbbb1a3b387a0d33dfd5764cf92bc3da7f41 (patch) | |
| tree | f99893b2d0c6f7e6442a7c1fb5622b3afacbb870 /bfd/elf64-ppc.c | |
| parent | 0e7f931f3acb65a739dffb2a4edec9e7afb1ccbe (diff) | |
| download | gdb-dbb3fbbb1a3b387a0d33dfd5764cf92bc3da7f41.zip gdb-dbb3fbbb1a3b387a0d33dfd5764cf92bc3da7f41.tar.gz gdb-dbb3fbbb1a3b387a0d33dfd5764cf92bc3da7f41.tar.bz2 | |
Fix memory access violations triggered by running addr2line on fuzzed binaries.
PR binutils/17512
* dwarf.c (read_1_byte, read_1_signed_byte, read_2_bytes)
(read_4_bytes, read_8_bytes, read_n_bytes, read_string)
(read_indirect_string, read_alt_indirect_string)
(read_alt_indirect_ref, read_address, read_abbrevs)
(read_attribute_value, read_attribute, decode_line_info)
(find_abstract_instance_name, read_rangelist)
(scan_unit_for_symbols, parse_comp_unit)
(_bfd_dwarf2_find_nearest_line): Harden DWARF reading code. Pass
end pointers to reading functions and check for offsets taking
pointers out of range. Replace calls to read_*_leb128 with calls
to safe_read_leb128.
(* elf64-ppc.c (opd_entry_value): Add a check for an overlarge
offset.
* syms.c (_bfd_stab_section_find_nearest_line): Add checks for
computed file_name address being before the start of the string
table.
Diffstat (limited to 'bfd/elf64-ppc.c')
| -rw-r--r-- | bfd/elf64-ppc.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c index f821231..542ed1c 100644 --- a/bfd/elf64-ppc.c +++ b/bfd/elf64-ppc.c @@ -5951,6 +5951,10 @@ opd_entry_value (asection *opd_sec, ppc64_elf_tdata (opd_bfd)->opd.contents = contents; } + /* PR 17512: file: 64b9dfbb. */ + if (offset > bfd_section_size (opd_bfd, opd_sec)) + return (bfd_vma) -1; + val = bfd_get_64 (opd_bfd, contents + offset); if (code_sec != NULL) { |