Fix a seg-fault in strings and other binutuils when parsing a corrupt PE

executable with an invalid value in the NumberOfRvaAndSizes field of the AOUT header. PR binutils/17512 * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries with an invalid value for NumberOfRvaAndSizes.
author: Nick Clifton <nickc@redhat.com> 2014-10-27 14:45:06 +0000
committer: Nick Clifton <nickc@redhat.com> 2014-10-27 14:45:06 +0000
commit: 7e1e19887abd24aeb15066b141cdff5541e0ec8e (patch)
tree: b52a13ec32682268ebde349a83ca07ac11a2b215 /bfd/peXXigen.c
parent: 493a33860c71cac998f1a56d6d87d6faa801fbaa (diff)
download: gdb-7e1e19887abd24aeb15066b141cdff5541e0ec8e.zip
gdb-7e1e19887abd24aeb15066b141cdff5541e0ec8e.tar.gz
gdb-7e1e19887abd24aeb15066b141cdff5541e0ec8e.tar.bz2
1 files changed, 12 insertions, 0 deletions
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index 2fb631c..987be40 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -504,6 +504,18 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
   {
     int idx;
 
+    /* PR 17512: Corrupt PE binaries can cause seg-faults.  */
+    if (a->NumberOfRvaAndSizes > 16)
+      {
+	(*_bfd_error_handler)
+	  (_("%B: aout header specifies an invalid number of data-directory entries: %d"),
+	   abfd, a->NumberOfRvaAndSizes);
+	/* Paranoia: If the number is corrupt, then assume that the
+	   actual entries themselves might be corrupt as well.  */
+	a->NumberOfRvaAndSizes = 0;
+      }
+
+
     for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++)
       {
         /* If data directory is empty, rva also should be 0.  */
author	Nick Clifton <nickc@redhat.com>	2014-10-27 14:45:06 +0000
committer	Nick Clifton <nickc@redhat.com>	2014-10-27 14:45:06 +0000
commit	7e1e19887abd24aeb15066b141cdff5541e0ec8e (patch)
tree	b52a13ec32682268ebde349a83ca07ac11a2b215 /bfd/peXXigen.c
parent	493a33860c71cac998f1a56d6d87d6faa801fbaa (diff)
download	gdb-7e1e19887abd24aeb15066b141cdff5541e0ec8e.zip gdb-7e1e19887abd24aeb15066b141cdff5541e0ec8e.tar.gz gdb-7e1e19887abd24aeb15066b141cdff5541e0ec8e.tar.bz2