authorNick Clifton <nickc@redhat.com>2014-12-16 14:17:15 +0000
committerNick Clifton <nickc@redhat.com>2014-12-16 14:17:15 +0000
commit033539e2685156ad6ad60e5925bc61cef5ced483 (patch)
treeacdba5d5519157286fb6d5767b9690032f84f5e3 /bfd/mach-o.c
parentbeed38b8273fa18be574a7e84d5d2ee1f563ed48 (diff)
Fix a memory access violation triggered by a fuzzed binary.
PR binutils/17512 * format.c (bfd_check_format_matches): Check for a matching vector before using match priorities. * mach-o.c (bfd_mach_o_canonicalize_one_reloc): Fix off-by-one errors with previous delta.
Diffstat (limited to 'bfd/mach-o.c')
-rw-r--r--bfd/mach-o.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/bfd/mach-o.c b/bfd/mach-o.c
index 31ffa84..61d60db 100644
--- a/bfd/mach-o.c
+++ b/bfd/mach-o.c
@@ -1350,7 +1350,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd,
if (reloc.r_extern)
{
/* PR 17512: file: 8396-1185-0.004. */
- if (num >= bfd_get_symcount (abfd))
+ if (bfd_get_symcount (abfd) > 0 && num > bfd_get_symcount (abfd))
sym = bfd_und_section_ptr->symbol_ptr_ptr;
else
/* An external symbol number. */
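Review bot: The relaxed test on the `r_extern` path now accepts `num == bfd_get_symcount (abfd)`, and when the symbol count is 0 it accepts every `num`, so a relocation read from an untrusted file can still reach the else branch with an index the symbol table does not cover. The else branch lies outside this hunk; if it indexes the symbol array by `num` starting from zero, which is how Mach-O external relocation symbol numbers are normally used, that is a read one element past the end, or into an empty table. I would keep the strict bound, `if (num >= bfd_get_symcount (abfd))`, and if some input really needs a zero symbol count to pass, handle that case explicitly before this test with a comment saying why.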
@@ -1368,7 +1368,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd,
else
{
/* PR 17512: file: 006-2964-0.004. */
- if (num >= mdata->nsects)
+ if (num > mdata->nsects)
return -1;
/* A section number. */
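Review bot: Changing `>=` to `>` in `if (num > mdata->nsects)` is only safe if section numbers are 1-based here and the lookup that follows subtracts one, and nothing in the hunk states that. The lookup and any earlier handling of `num == 0` are outside the hunk, so this cannot be confirmed from the visible lines. I would add a comment above the test, for example `/* Section ordinals are 1-based: valid values are 1 .. nsects; 0 must be handled before this point.  */`, so a later reader does not tighten or loosen the bound by mistake.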
@@ -1400,6 +1400,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd,
if (!(*bed->_bfd_mach_o_swap_reloc_in)(res, &reloc))
return -1;
+
return 0;
}
@@ -1414,6 +1415,7 @@ bfd_mach_o_canonicalize_relocs (bfd *abfd, unsigned long filepos,
/* Allocate and read relocs. */
native_size = count * BFD_MACH_O_RELENT_SIZE;
+
native_relocs =
(struct mach_o_reloc_info_external *) bfd_malloc (native_size);
if (native_relocs == NULL)