aboutsummaryrefslogtreecommitdiff
path: root/bfd/peXXigen.c
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2014-11-11 15:34:27 +0000
committerNick Clifton <nickc@redhat.com>2014-11-11 15:34:27 +0000
commit201159ecec7e17600df4153e5d4e7a145f0c7cfe (patch)
tree328d0499e8bedc423bb8907ad53e30f7647f2df1 /bfd/peXXigen.c
parent015de6884f6fdebaffd4b7d4c7f14fb4d5fc0bb1 (diff)
downloadgdb-201159ecec7e17600df4153e5d4e7a145f0c7cfe.zip
gdb-201159ecec7e17600df4153e5d4e7a145f0c7cfe.tar.gz
gdb-201159ecec7e17600df4153e5d4e7a145f0c7cfe.tar.bz2
More fixes for invalid memory accesses, uncovered by valgrind and binary fuzzers.
PR binutils/17512 * coffcode.h (coff_slurp_line_table): Initialise the parts of the line number cache that would not be initialised by the copy from the new line number table. (coff_classify_symbol): Allow for _bfd_coff_internal_syment_name returning NULL. * coffgen.c (coff_get_normalized_symbols): Get the external symbols before allocating space for the internal symbols, in case the get fails. * elf.c (_bfd_elf_slurp_version_tables): Only allocate a verref array if one is needed. Likewise with the verdef array. * peXXigen.c (_bfd_XXi_swap_sym_in): Replace abort()'s with error messages. (_bfd_XXi_swap_aux_in): Make sure that all fields of the aux structure are initialised. (pe_print_edata): Avoid reading off the end of the data buffer.
Diffstat (limited to 'bfd/peXXigen.c')
-rw-r--r--bfd/peXXigen.c31
1 files changed, 24 insertions, 7 deletions
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index d1b33fd..725e9f6 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -149,8 +149,13 @@ _bfd_XXi_swap_sym_in (bfd * abfd, void * ext1, void * in1)
name = _bfd_coff_internal_syment_name (abfd, in, namebuf);
if (name == NULL)
- /* FIXME: Return error. */
- abort ();
+ {
+ _bfd_error_handler (_("%B: unable to find name for empty section"),
+ abfd);
+ bfd_set_error (bfd_error_invalid_target);
+ return;
+ }
+
sec = bfd_get_section_by_name (abfd, name);
if (sec != NULL)
in->n_scnum = sec->target_index;
@@ -170,15 +175,22 @@ _bfd_XXi_swap_sym_in (bfd * abfd, void * ext1, void * in1)
{
name = (const char *) bfd_alloc (abfd, strlen (namebuf) + 1);
if (name == NULL)
- /* FIXME: Return error. */
- abort ();
+ {
+ _bfd_error_handler (_("%B: out of memory creating name for empty section"),
+ abfd);
+ return;
+ }
strcpy ((char *) name, namebuf);
}
+
flags = SEC_HAS_CONTENTS | SEC_ALLOC | SEC_DATA | SEC_LOAD;
sec = bfd_make_section_anyway_with_flags (abfd, name, flags);
if (sec == NULL)
- /* FIXME: Return error. */
- abort ();
+ {
+ _bfd_error_handler (_("%B: unable to create fake empty section"),
+ abfd);
+ return;
+ }
sec->vma = 0;
sec->lma = 0;
@@ -283,6 +295,9 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
AUXENT *ext = (AUXENT *) ext1;
union internal_auxent *in = (union internal_auxent *) in1;
+ /* PR 17521: Make sure that all fields in the aux structure
+ are initialised. */
+ memset (in, 0, sizeof * in);
switch (in_class)
{
case C_FILE:
@@ -1681,7 +1696,9 @@ pe_print_edata (bfd * abfd, void * vfile)
bfd_fprintf_vma (abfd, file, edt.name);
if ((edt.name >= adj) && (edt.name < adj + datasize))
- fprintf (file, " %s\n", data + edt.name - adj);
+ fprintf (file, " %.*s\n",
+ (int) (datasize - (edt.name - adj)),
+ data + edt.name - adj);
else
fprintf (file, "(outside .edata section)\n");