diff options
| author | Nick Clifton <nickc@redhat.com> | 2014-12-22 20:59:00 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2014-12-22 20:59:00 +0000 |
| commit | 5860e3f883597cf6b8a937547015394edc1e8784 (patch) | |
| tree | 687135f65d4688371f22b97e0892f8c1c2ea2a8c /bfd/versados.c | |
| parent | e30880c2eeee3b43897161344bbbffd03f3a1c91 (diff) | |
| download | gdb-5860e3f883597cf6b8a937547015394edc1e8784.zip gdb-5860e3f883597cf6b8a937547015394edc1e8784.tar.gz gdb-5860e3f883597cf6b8a937547015394edc1e8784.tar.bz2 | |
More fixes for memory access violations exposed by fuzzed binaries.
PR binutils/17512
* archive.c (do_slurp_bsd_armap): Return if the parsed_size is
zero.
(bfd_slurp_armap): Zero terminate the name.
(bfd_generic_stat_arch_elt): If there is no header, fail.
* elf32-arc.c (arc_info_to_howto_rel): Replace BFD_ASSERT with
error message.
* elf32-avr.c (avr_info_to_howto_rela): Likewise.
* elf32-cr16c.c (elf_cr16c_info_to_howto_rel): Likewise.
* elf32-cris.c (cris_info_to_howto_rela): Likewise.
* elf32-d10v.c (d10v_info_to_howto_rel): Likewise.
* elf32-d30v.c (d30v_info_to_howto_rel): Likewise.
* elf32-dlx.c (dlx_rtype_to_howto): Likewise.
* elf32-epiphany.c (epiphany_info_to_howto_rela): Likewise.
* elf32-fr30.c (fr30_info_to_howto_rela): Likewise.
* elf32-frv.c (frv_info_to_howto_rela): Likewise.
* elf32-i960.c (elf32_i960_info_to_howto_rel): Likewise.
* elf32-ip2k.c (ip2k_info_to_howto_rela): Likewise.
* elf32-iq2000.c (iq2000_info_to_howto_rela): Likewise.
* elf32-lm32.c (lm32_info_to_howto_rela): Likewise.
* elf32-m32c.c (m32c_info_to_howto_rela): Likewise.
* elf32-m32r.c (m32r_info_to_howto_rel): Likewise.
* elf32-m68hc11.c (m68hc11_info_to_howto_rel): Likewise.
* elf32-m68hc12.c (m68hc11_info_to_howto_rel): Likewise.
* elf32-mep.c (mep_info_to_howto_rela): Likewise.
* elf32-metag.c (metag_info_to_howto_rela): Likewise.
* elf32-moxie.c (moxie_info_to_howto_rela): Likewise.
* elf32-msp430.c (msp430_info_to_howto_rela): Likewise.
* elf32-mt.c (mt_info_to_howto_rela): Likewise.
* elf32-nds32.c (nds32_info_to_howto_rel): Likewise.
* elf32-or1k.c (or1k_info_to_howto_rela): Likewise.
* elf32-rl78.c (rl78_info_to_howto_rela): Likewise.
* elf32-rx.c (rx_info_to_howto_rela): Likewise.
* elf32-v850.c (v850_elf_info_to_howto_rel): Likewise.
* elf32-visium.c (visium_info_to_howto_rela): Likewise.
* elf32-xgate.c (xgate_info_to_howto_rel): Likewise.
* elf32-xtensa.c (elf_xtensa_info_to_howto_rela): Likewise.
* elf64-mmix.c (mmix_info_to_howto_rela): Likewise.
* elf64-x86-64.c (elf_x86_64_reloc_type_lookup): Likewise.
* elfnn-aarch64.c (elfNN_aarch64_bfd_reloc_from_type): Likewise.
* elf64-sparc.c (elf64_sparc_slurp_one_reloc_table): Add range
checking of reloc symbol index.
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): If no symbols have
been provided then set the reloc's symbol to undefined.
* reloc.c (bfd_generic_get_relocated_section_contents): Add range
checking of the reloc to be applied.
* versados.c (process_otr): Add more range checks.
(versados_canonicalize_reloc): If the section is unknown, set the
symbol to undefined.
* vms-alpha.c (_bfd_vms_slurp_eisd): Add range checks.
(alpha_vms_object_p): Likewise.
Diffstat (limited to 'bfd/versados.c')
| -rw-r--r-- | bfd/versados.c | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/bfd/versados.c b/bfd/versados.c index 1dfe748..75d07be 100644 --- a/bfd/versados.c +++ b/bfd/versados.c @@ -373,10 +373,17 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass) | (otr->map[3] << 0); struct esdid *esdid = &EDATA (abfd, otr->esdid - 1); - unsigned char *contents = esdid->contents; + unsigned char *contents; bfd_boolean need_contents = FALSE; - unsigned int dst_idx = esdid->pc; - + unsigned int dst_idx; + + /* PR 17512: file: ac7da425. */ + if (otr->esdid == 0) + return; + + contents = esdid->contents; + dst_idx = esdid->pc; + for (shift = ((unsigned long) 1 << 31); shift && srcp < endp; shift >>= 1) { if (bits & shift) @@ -399,7 +406,7 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass) if (pass == 1) need_contents = TRUE; - else if (contents) + else if (contents && dst_idx < esdid->section->size - sizeinwords * 2) for (j = 0; j < sizeinwords * 2; j++) { contents[dst_idx + (sizeinwords * 2) - j - 1] = val; @@ -421,10 +428,13 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass) } else { - arelent *n = - EDATA (abfd, otr->esdid - 1).section->relocation + rn; - n->address = dst_idx; + arelent *n; + /* PR 17512: file: 54f733e0. */ + if (EDATA (abfd, otr->esdid - 1).section == NULL) + continue; + n = EDATA (abfd, otr->esdid - 1).section->relocation + rn; + n->address = dst_idx; n->sym_ptr_ptr = (asymbol **) (size_t) id; n->addend = 0; n->howto = versados_howto_table + ((j & 1) * 2) + (sizeinwords - 1); @@ -798,7 +808,11 @@ versados_canonicalize_reloc (bfd *abfd, /* Section relative thing. */ struct esdid *e = &EDATA (abfd, esdid - 1); - src[count].sym_ptr_ptr = e->section->symbol_ptr_ptr; + /* PR 17512: file:cd92277c. */ + if (e->section) + src[count].sym_ptr_ptr = e->section->symbol_ptr_ptr; + else + src[count].sym_ptr_ptr = bfd_und_section_ptr->symbol_ptr_ptr; } /* PR 17512: file:3757-2936-0.004. */ else if ((unsigned) (esdid - ES_BASE) >= bfd_get_symcount (abfd)) |