aboutsummaryrefslogtreecommitdiff
path: root/bfd
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2014-03-06 10:57:13 +0000
committerNick Clifton <nickc@redhat.com>2014-03-06 10:57:13 +0000
commite9847026c92f330f18863a7b9cb0aaa299345559 (patch)
treece50694351de5b1010ad3c17f7ebe9d08581949c /bfd
parent5fa1d40e9790ed55931263430130e69a99329be7 (diff)
downloadgdb-e9847026c92f330f18863a7b9cb0aaa299345559.zip
gdb-e9847026c92f330f18863a7b9cb0aaa299345559.tar.gz
gdb-e9847026c92f330f18863a7b9cb0aaa299345559.tar.bz2
Patch for PR binutils/16664 which triggers a seg-fault when attempting to
display the contents of a corrupt attribute section. * readelf.c (process_attributes): Add checks for corrupt attribute section names. * elf-attrs.c (_bfd_elf_parse_attributes): Add checks for corrupt attribute section names.
Diffstat (limited to 'bfd')
-rw-r--r--bfd/ChangeLog6
-rw-r--r--bfd/elf-attrs.c9
2 files changed, 12 insertions, 3 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 9e60287..253e061 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2014-03-06 Nick Clifton <nickc@redhat.com>
+
+ PR 16664
+ * elf-attrs.c (_bfd_elf_parse_attributes): Add checks for corrupt
+ attribute section names.
+
2014-03-05 Alan Modra <amodra@gmail.com>
Update copyright years.
diff --git a/bfd/elf-attrs.c b/bfd/elf-attrs.c
index d2ef769..cd0cbca 100644
--- a/bfd/elf-attrs.c
+++ b/bfd/elf-attrs.c
@@ -449,7 +449,7 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
len = hdr->sh_size - 1;
while (len > 0)
{
- int namelen;
+ unsigned namelen;
bfd_vma section_len;
int vendor;
@@ -458,8 +458,11 @@ _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr)
if (section_len > len)
section_len = len;
len -= section_len;
- namelen = strlen ((char *) p) + 1;
- section_len -= namelen + 4;
+ section_len -= 4;
+ namelen = strnlen ((char *) p, section_len) + 1;
+ if (namelen == 0 || namelen >= section_len)
+ break;
+ section_len -= namelen;
if (std_sec && strcmp ((char *) p, std_sec) == 0)
vendor = OBJ_ATTR_PROC;
else if (strcmp ((char *) p, "gnu") == 0)