aboutsummaryrefslogtreecommitdiff
path: root/binutils/elfcomm.c
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2014-12-22 22:44:34 +0000
committerNick Clifton <nickc@redhat.com>2014-12-22 22:44:34 +0000
commit058037d3a169c91042c9b8549f7d04fd7550bed6 (patch)
tree04bbe357f30d3cc370dcb9ed325b2acb0b1be1fa /binutils/elfcomm.c
parent5860e3f883597cf6b8a937547015394edc1e8784 (diff)
downloadgdb-058037d3a169c91042c9b8549f7d04fd7550bed6.zip
gdb-058037d3a169c91042c9b8549f7d04fd7550bed6.tar.gz
gdb-058037d3a169c91042c9b8549f7d04fd7550bed6.tar.bz2
More fixes for invalid memory accesses exposed by fuzzed binaries.
PR binutils/17531 * dwarf.c (decode_location_expression): Check for an out of range value for a DW_OP_GNU_entry_value expression. (display_debug_lines_raw): Check for a partial .debug_line. section being encountered without a prior, full .debug.line section. (display_debug_lines_decoded): Likewise. Also check for li_line_range being zero. (display_debug_pubnames_worker): Check for an invalid pn_length field. (read_cie): Add range checks. * elfcomm.c (setup_archive): Check for a negative longnames_size.
Diffstat (limited to 'binutils/elfcomm.c')
-rw-r--r--binutils/elfcomm.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/binutils/elfcomm.c b/binutils/elfcomm.c
index 0cdcf63..0fdbcfb 100644
--- a/binutils/elfcomm.c
+++ b/binutils/elfcomm.c
@@ -655,6 +655,14 @@ setup_archive (struct archive_info *arch, const char *file_name,
file_name, arch->longnames_size);
return 1;
}
+ /* PR 17531: file: 639d6a26. */
+ if ((signed long) arch->longnames_size < 0)
+ {
+ error (_("%s: long name table is too big, (size = 0x%lx)\n"),
+ file_name, arch->longnames_size);
+ return 1;
+ }
+
arch->next_arhdr_offset += sizeof arch->arhdr + arch->longnames_size;
/* Plus one to allow for a string terminator. */
@@ -676,6 +684,8 @@ setup_archive (struct archive_info *arch, const char *file_name,
if ((arch->longnames_size & 1) != 0)
getc (file);
+
+ arch->longnames[arch->longnames_size] = 0;
}
return 0;