author | Nick Clifton <nickc@redhat.com> | 2015-01-08 15:39:49 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2015-01-08 15:39:49 +0000 |
commit | 063bb0250defafcc55544474a2961ecbc153882e (patch) | |
tree | 5ec4e53c3bbc11fc7ff8dce67ccfacaad5608767 /bfd/peXXigen.c | |
parent | 848cde35d61874521ad6c88a50f983d5ee7d2307 (diff) | |
Fix memory access violations exposed by running strip on fuzzed binaries.
PR binutils/17512
* coffcode.h (coff_slurp_symbol_table): Return false if we failed
to load the line table.
* elf.c (_bfd_elf_map_sections_to_segments): Enforce a minimum
maxpagesize of 1.
* peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Fail if
the Data Directory Size is too large.
* objcopy.c (copy_object): Free the symbol table if no symbols
could be loaded.
(copy_file): Use bfd_close_all_done to close files that could not
be copied.
Diffstat (limited to 'bfd/peXXigen.c')
-rw-r--r-- | bfd/peXXigen.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c index 09adf83..0abe609 100644 --- a/bfd/peXXigen.c +++ b/bfd/peXXigen.c @@ -2930,6 +2930,16 @@ _bfd_XX_bfd_copy_private_bfd_data_common (bfd * ibfd, bfd * obfd) struct external_IMAGE_DEBUG_DIRECTORY *dd = (struct external_IMAGE_DEBUG_DIRECTORY *)(data + (addr - section->vma)); + /* PR 17512: file: 0f15796a. */ + if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size + (addr - section->vma) + > bfd_get_section_size (section)) + { + _bfd_error_handler (_("%A: Data Directory size (%lx) exceeds space left in section (%lx)"), + obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size, + bfd_get_section_size (section) - (addr - section->vma)); + return FALSE; + } + for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size / sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++) { |
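Review bot: The new bounds check in _bfd_XX_bfd_copy_private_bfd_data_common adds the file-supplied DataDirectory[PE_DEBUG_DATA].Size to (addr - section->vma) before comparing against bfd_get_section_size (section), so if that sum wraps at the operand width a very large Size passes the test and the for loop below still walks Size / sizeof (struct external_IMAGE_DEBUG_DIRECTORY) entries. Consider first rejecting the case where (addr - section->vma) is larger than bfd_get_section_size (section), then comparing Size against the space that remains, i.e. `Size > bfd_get_section_size (section) - (addr - section->vma)`, which is the same subtraction the error message already prints and which would itself underflow in the case not yet rejected. Separately, both %lx arguments are passed without casts; an explicit (unsigned long) cast on each would keep the format and the argument types in agreement however those fields are declared.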