author | Nick Clifton <nickc@redhat.com> | 2017-06-26 15:25:08 +0100 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2017-06-26 15:25:08 +0100 |
commit | cfd14a500e0485374596234de4db10e88ebc7618 (patch) | |
tree | 5627cf743e8fc9646606e13bd6227fe959636bd5 /bfd/opncls.c | |
parent | 0602cdad745472ed2561d8096a4bb021c8d0301d (diff) | |
Fix address violations when attempting to parse fuzzed binaries.
PR binutils/21665
bfd * opncls.c (get_build_id): Check that the section is big enough
to contain the whole note.
* compress.c (bfd_get_full_section_contents): Check for and reject
a section whose size is greater than the size of the entire file.
* elf32-v850.c (v850_elf_copy_notes): Allow for the output to not
contain a notes section.
binutils* objdump.c (disassemble_section): Skip any section that is bigger
than the entire file.
Diffstat (limited to 'bfd/opncls.c')
-rw-r--r-- | bfd/opncls.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/bfd/opncls.c b/bfd/opncls.c index 994b950..913341c 100644 --- a/bfd/opncls.c +++ b/bfd/opncls.c @@ -1825,6 +1825,7 @@ get_build_id (bfd *abfd) Elf_External_Note *enote; bfd_byte *contents; asection *sect; + bfd_size_type size; BFD_ASSERT (abfd); @@ -1839,8 +1840,9 @@ get_build_id (bfd *abfd) return NULL; } + size = bfd_get_section_size (sect); /* FIXME: Should we support smaller build-id notes ? */ - if (bfd_get_section_size (sect) < 0x24) + if (size < 0x24) { bfd_set_error (bfd_error_invalid_operation); return NULL; @@ -1853,6 +1855,17 @@ get_build_id (bfd *abfd) return NULL; } + /* FIXME: Paranoia - allow for compressed build-id sections. + Maybe we should complain if this size is different from + the one obtained above... */ + size = bfd_get_section_size (sect); + if (size < sizeof (Elf_External_Note)) + { + bfd_set_error (bfd_error_invalid_operation); + free (contents); + return NULL; + } + enote = (Elf_External_Note *) contents; inote.type = H_GET_32 (abfd, enote->type); inote.namesz = H_GET_32 (abfd, enote->namesz); @@ -1864,7 +1877,8 @@ get_build_id (bfd *abfd) if (inote.descsz == 0 || inote.type != NT_GNU_BUILD_ID || inote.namesz != 4 /* sizeof "GNU" */ - || strcmp (inote.namedata, "GNU") != 0) + || strncmp (inote.namedata, "GNU", 4) != 0 + || size < (12 + BFD_ALIGN (inote.namesz, 4) + inote.descsz)) { free (contents); bfd_set_error (bfd_error_invalid_operation); |
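Review bot: In the last hunk the new `size` bound is tested after `strncmp (inote.namedata, "GNU", 4)` in the `||` chain, so a section that passed the `sizeof (Elf_External_Note)` check but is shorter than 12 plus the aligned name (sizes 12–15 once `namesz == 4`) still has its name compared, reading up to 4 bytes past the end of `contents` (assuming `contents` holds only `size` bytes) before the bound rejects the note; put the bound first: `|| size < (12 + BFD_ALIGN (inote.namesz, 4) + inote.descsz)` followed by `|| strncmp (inote.namedata, "GNU", 4) != 0)`. The right-hand sum is also computed in the type of `inote.descsz`; if that type is narrower than `bfd_size_type` on some hosts, a `descsz` near its maximum wraps the sum and the check passes, so the subtraction form `inote.descsz > size - (12 + BFD_ALIGN (inote.namesz, 4))`, preceded by a separate `size < 12 + BFD_ALIGN (inote.namesz, 4)` test, would be more robust. `get_build_id` begins and ends outside these hunks, so the later reads of `inote.descdata`/`inote.descsz` that this bound protects are not visible here.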