diff options
| author | Nick Clifton <nickc@redhat.com> | 2015-01-21 17:37:23 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2015-01-21 17:37:23 +0000 |
| commit | 86eafac0aad7edbc1ccea6daf53480a36339250a (patch) | |
| tree | 380943f3951e65b5a0c9968691828a424e0857c7 /bfd/tekhex.c | |
| parent | ffbc46469f5fa1368251acd65da418775ab1a2ce (diff) | |
| download | gdb-86eafac0aad7edbc1ccea6daf53480a36339250a.zip gdb-86eafac0aad7edbc1ccea6daf53480a36339250a.tar.gz gdb-86eafac0aad7edbc1ccea6daf53480a36339250a.tar.bz2 | |
Fix memory access violations triggered by running strip on fuzzed binaries.
PR binutils/17512
* coffcode.h (coff_set_arch_mach_hook): Check return value from
bfd_malloc.
(coff_slurp_line_table): Return FALSE if the line number
information was corrupt.
(coff_slurp_symbol_table): Return FALSE if the symbol information
was corrupt.
* mach-o.c (bfd_mach_o_bfd_copy_private_header_data): Always
initialise the fields of the dyld_info structure.
(bfd_mach_o_build_exec_seg_command): Replace assertion with an
error message and a return value.
(bfd_mach_o_layout_commands): Change the function to boolean.
Return FALSE if the function fails.
(bfd_mach_o_build_commands): Fail if bfd_mach_o_layout_commands
fails.
(bfd_mach_o_read_command): Fail if an unrecognised command is
encountered.
* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Set bfd_error if the
read fails.
(slurp_symtab): Check the return from bfd_malloc.
(_bfd_XX_bfd_copy_private_bfd_data_common): Fail if the copy
encountered an error.
(_bfd_XXi_final_link_postscript): Fail if a section could not be
copied.
* peicode.h (pe_bfd_object_p): Fail if the header could not be
swapped in.
* tekhex.c (first_phase): Fail if the section is too big.
* versados.c (struct esdid): Add content_size field.
(process_otr): Use and check the new field.
(versados_get_section_contents): Check that the section exists and
that the requested data is available.
PR binutils/17512
* addr2line.c (main): Call bfd_set_error_program_name.
* ar.c (main): Likewise.
* coffdump.c (main): Likewise.
* cxxfilt.c (main): Likewise.
* dlltool.c (main): Likewise.
* nlmconv.c (main): Likewise.
* nm.c (main): Likewise.
* objdump.c (main): Likewise.
* size.c (main): Likewise.
* srconv.c (main): Likewise.
* strings.c (main): Likewise.
* sysdump.c (main): Likewise.
* windmc.c (main): Likewise.
* windres.c (main): Likewise.
* objcopy.c (main): Likewise.
(copy_relocations_in_section): Check for relocs without associated
symbol pointers.
Diffstat (limited to 'bfd/tekhex.c')
| -rw-r--r-- | bfd/tekhex.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/bfd/tekhex.c b/bfd/tekhex.c index 94b4773..63d7d8d 100644 --- a/bfd/tekhex.c +++ b/bfd/tekhex.c @@ -407,7 +407,13 @@ first_phase (bfd *abfd, int type, char *src, char * src_end) return FALSE; if (!getvalue (&src, &val, src_end)) return FALSE; + if (val < section->vma) + val = section->vma; section->size = val - section->vma; + /* PR 17512: file: objdump-s-endless-loop.tekhex. + Check for overlarge section sizes. */ + if (section->size & 0x80000000) + return FALSE; section->flags = SEC_HAS_CONTENTS | SEC_LOAD | SEC_ALLOC; break; case '0': |