author | Nick Clifton <nickc@redhat.com> | 2015-01-05 23:13:50 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2015-01-05 23:13:50 +0000 |
commit | 896ca0981329171639b1fe0b934393a79ef4fdfb (patch) | |
tree | ac6f2a1d6ab8084254dac309ba83173eb962d5c2 /bfd/syms.c | |
parent | 82b1b41bcdc6d01fdbd94b246e24a8a8f8c2bddd (diff) | |
More fixes for invalid memory accesses triggered by fuzzed binaries.
PR binutils/17512
* nm.c (print_symbol): Add 'is_synthetic' parameter. Use it to
help initialize the info.elfinfo field.
(print_size_symbols): Add 'synth_count' parameter. Use it to set
the is_synthetic parameter when calling print_symbol.
(print_symbols): Likewise.
(display_rel_file): Pass synth_count to printing function.
(display_archive): Break loop if the last archive displayed
matches the current archive.
* size.c (display_archive): Likewise.
* archive.c (do_slurp_bsd_armap): Make sure that the parsed size
is at least big enough for the header to be read.
* elf32-i386.c (elf_i386_get_plt_sym_val): Skip unknown relocs.
* mach-o.c (bfd_mach_o_get_synthetic_symtab): Add range checks.
(bfd_mach_o_read_command): Prevent duplicate error messages about
unrecognized commands.
* syms.c (_bfd_stab_section_find_nearest_line): Add range checks
when indexing into the string table.
Diffstat (limited to 'bfd/syms.c')
-rw-r--r-- | bfd/syms.c | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -823,6 +823,7 @@ _bfd_generic_read_minisymbols (bfd *abfd, *minisymsp = syms; *sizep = sizeof (asymbol *); + return symcount; error_return: @@ -1191,6 +1192,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd, { nul_fun = stab; nul_str = str; + if (file_name >= (char *) info->strs + strsize) + file_name = NULL; if (stab + STABSIZE + TYPEOFF < info->stabs + stabsize && *(stab + STABSIZE + TYPEOFF) == (bfd_byte) N_SO) { @@ -1200,6 +1203,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd, directory_name = file_name; file_name = ((char *) str + bfd_get_32 (abfd, stab + STRDXOFF)); + if (file_name >= (char *) info->strs + strsize) + file_name = NULL; } } break; @@ -1207,6 +1212,9 @@ _bfd_stab_section_find_nearest_line (bfd *abfd, case N_SOL: /* The name of an include file. */ file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF); + /* PR 17512: file: 0c680a1f. */ + if (file_name >= (char *) info->strs + strsize) + file_name = NULL; break; case N_FUN: @@ -1214,6 +1222,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd, function_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF); if (function_name == (char *) str) continue; + if (function_name >= (char *) info->strs + strsize) + function_name = NULL; nul_fun = NULL; info->indextable[i].val = bfd_get_32 (abfd, stab + VALOFF); @@ -1321,6 +1331,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd, if (val <= offset) { file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF); + if (file_name >= (char *) info->strs + strsize) + file_name = NULL; *pline = 0; } break; |
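Review bot: The added test `file_name >= (char *) info->strs + strsize` bounds the pointer only from above, so a 32-bit index read from the file that makes `str + index` wrap or land below the table still passes; the same condition is repeated in the N_SO lookahead, N_SOL, N_FUN and final line-lookup hunks. It also accepts a name that starts in the last bytes of the table, and nothing visible here guarantees the table ends in a NUL, so a later string read could still run past `strsize`. I would test the index before forming the pointer, e.g. `if (idx >= strsize - (str - info->strs)) file_name = NULL;` with `idx` holding the `bfd_get_32` result, or at least add `file_name < (char *) str ||` to each condition. `_bfd_stab_section_find_nearest_line` starts and ends outside these hunks, so whether `strs` is NUL-terminated when it is loaded needs confirming there.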
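Review bot: In the N_FUN case an out-of-range name becomes `function_name = NULL` and execution carries on to the `info->indextable[i]` assignments, whereas the empty-name case one line above uses `continue`. The rest of the entry setup is outside the hunk, so it is not visible whether the NULL is stored in the table and whether every later reader of that entry tolerates it. If a nameless entry is intended, a comment such as `/* Corrupt stab: name index is outside the string table; keep the address, drop the name. */` would record that; if it is not, skipping the entry may be the safer response.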
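Review bot: This is the fifth copy of the same two-line bounds test in one function, which makes it easy for a later correction to reach some sites and miss others. A small static helper that takes the string base, the 32-bit index and the table limits and returns either a valid pointer or NULL would keep the validation in one place. Only the N_SOL hunk carries the `/* PR 17512: file: 0c680a1f. */` comment explaining why the test exists; the helper would be the natural home for that comment.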