diff options
| author | Nick Clifton <nickc@redhat.com> | 2014-11-10 14:18:45 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2014-11-10 14:27:38 +0000 |
| commit | 36e9d67b868c85232ab630514260f0d9c9c6b27b (patch) | |
| tree | 62b5f40c0cc1529cb235b367c505804dc4bfcd71 /bfd/peXXigen.c | |
| parent | b1f28d992c916eab861df3fa62d436755f874b62 (diff) | |
| download | gdb-36e9d67b868c85232ab630514260f0d9c9c6b27b.zip gdb-36e9d67b868c85232ab630514260f0d9c9c6b27b.tar.gz gdb-36e9d67b868c85232ab630514260f0d9c9c6b27b.tar.bz2 | |
More fixes for problems exposed by valgrind and the address sanitizer
when displaying the contents of corrupt files.
PR binutils/17521
* coff-i386.c (NUM_HOWTOS): New define.
(RTYPE2HOWTO): Use it.
(coff_i386_rtype_to_howto): Likewise.
(coff_i386_reloc_name_lookup): Likewise.
(CALC_ADDEND): Check that reloc r_type field is valid.
* coff-x86_64.c (NUM_HOWTOS): New define.
(RTYPE2HOWTO): Use it.
(coff_amd64_rtype_to_howto): Likewise.
(coff_amd64_reloc_name_lookup): Likewise.
(CALC_ADDEND): Check that reloc r_type field is valid.
* coffcode.h (coff_slurp_line_table): Check for symbol table
indexing underflow.
(coff_slurp_symbol_table): Use zalloc to ensure that all table
entries are initialised.
* coffgen.c (_bfd_coff_read_string_table): Initialise unused bits
in the string table. Also ensure that the table is 0 terminated.
(coff_get_normalized_symtab): Check for symbol table indexing
underflow.
* opncls.c (bfd_alloc): Catch the case where a small negative size
can result in only 1 byte being allocated.
(bfd_alloc2): Use bfd_alloc.
* pe-mips.c (NUM_HOWTOS): New define.
(coff_mips_reloc_name_lookup): Use it.
(CALC_ADDEND): Check that reloc r_type field is valid.
* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Initialise unused entries
in the DataDirectory.
(pe_print_idata): Avoid reading beyond the end of the data block
wen printing strings.
(pe_print_edata): Likewise.
Check for table indexing underflow.
* peicode.h (pe_mkobject): Initialise the pe_opthdr field.
(pe_bfd_object_p): Allocate and initialize enough space to hold a
PEAOUTHDR, even if the opt_hdr field specified less.
Diffstat (limited to 'bfd/peXXigen.c')
| -rw-r--r-- | bfd/peXXigen.c | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c index ea1459b..d1b33fd 100644 --- a/bfd/peXXigen.c +++ b/bfd/peXXigen.c @@ -458,6 +458,7 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd, aouthdr_int->entry = GET_AOUTHDR_ENTRY (abfd, aouthdr_ext->entry); aouthdr_int->text_start = GET_AOUTHDR_TEXT_START (abfd, aouthdr_ext->text_start); + #if !defined(COFF_WITH_pep) && !defined(COFF_WITH_pex64) /* PE32+ does not have data_start member! */ aouthdr_int->data_start = @@ -505,7 +506,7 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd, int idx; /* PR 17512: Corrupt PE binaries can cause seg-faults. */ - if (a->NumberOfRvaAndSizes > 16) + if (a->NumberOfRvaAndSizes > IMAGE_NUMBEROF_DIRECTORY_ENTRIES) { (*_bfd_error_handler) (_("%B: aout header specifies an invalid number of data-directory entries: %d"), @@ -529,6 +530,13 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd, else a->DataDirectory[idx].VirtualAddress = 0; } + + while (idx < IMAGE_NUMBEROF_DIRECTORY_ENTRIES) + { + a->DataDirectory[idx].Size = 0; + a->DataDirectory[idx].VirtualAddress = 0; + idx ++; + } } if (aouthdr_int->entry) @@ -772,7 +780,7 @@ _bfd_XXi_swap_aouthdr_out (bfd * abfd, void * in, void * out) { int idx; - for (idx = 0; idx < 16; idx++) + for (idx = 0; idx < IMAGE_NUMBEROF_DIRECTORY_ENTRIES; idx++) { H_PUT_32 (abfd, extra->DataDirectory[idx].VirtualAddress, aouthdr_out->DataDirectory[idx][0]); @@ -1391,7 +1399,9 @@ pe_print_idata (bfd * abfd, void * vfile) break; dll = (char *) data + dll_name - adj; - fprintf (file, _("\n\tDLL Name: %s\n"), dll); + /* PR 17512 file: 078-12277-0.004. */ + bfd_size_type maxlen = (char *)(data + datasize) - dll - 1; + fprintf (file, _("\n\tDLL Name: %.*s\n"), (int) maxlen, dll); if (hint_addr != 0) { @@ -1720,7 +1730,9 @@ pe_print_edata (bfd * abfd, void * vfile) edt.base); /* PR 17512: Handle corrupt PE binaries. */ - if (edt.eat_addr + (edt.num_functions * 4) - adj >= datasize) + if (edt.eat_addr + (edt.num_functions * 4) - adj >= datasize + /* PR 17512 file: 140-165018-0.004. */ + || data + edt.eat_addr - adj < data) fprintf (file, _("\tInvalid Export Address Table rva (0x%lx) or entry count (0x%lx)\n"), (long) edt.eat_addr, (long) edt.num_functions); @@ -1736,11 +1748,12 @@ pe_print_edata (bfd * abfd, void * vfile) /* This rva is to a name (forwarding function) in our section. */ /* Should locate a function descriptor. */ fprintf (file, - "\t[%4ld] +base[%4ld] %04lx %s -- %s\n", + "\t[%4ld] +base[%4ld] %04lx %s -- %.*s\n", (long) i, (long) (i + edt.base), (unsigned long) eat_member, _("Forwarder RVA"), + (int)(datasize - (eat_member - adj)), data + eat_member - adj); } else @@ -1761,11 +1774,14 @@ pe_print_edata (bfd * abfd, void * vfile) _("\n[Ordinal/Name Pointer] Table\n")); /* PR 17512: Handle corrupt PE binaries. */ - if (edt.npt_addr + (edt.num_names * 4) - adj >= datasize) + if (edt.npt_addr + (edt.num_names * 4) - adj >= datasize + || (data + edt.npt_addr - adj) < data) fprintf (file, _("\tInvalid Name Pointer Table rva (0x%lx) or entry count (0x%lx)\n"), (long) edt.npt_addr, (long) edt.num_names); - else if (edt.ot_addr + (edt.num_names * 2) - adj >= datasize) + /* PR 17512: file: 140-147171-0.004. */ + else if (edt.ot_addr + (edt.num_names * 2) - adj >= datasize + || data + edt.ot_addr - adj < data) fprintf (file, _("\tInvalid Ordinal Table rva (0x%lx) or entry count (0x%lx)\n"), (long) edt.ot_addr, (long) edt.num_names); @@ -1786,7 +1802,8 @@ pe_print_edata (bfd * abfd, void * vfile) { char * name = (char *) data + name_ptr - adj; - fprintf (file, "\t[%4ld] %s\n", (long) ord, name); + fprintf (file, "\t[%4ld] %.*s\n", (long) ord, + (int)((char *)(data + datasize) - name), name); } } |