author | Nick Clifton <nickc@redhat.com> | 2014-12-22 22:44:34 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2014-12-22 22:44:34 +0000 |
commit | 058037d3a169c91042c9b8549f7d04fd7550bed6 (patch) | |
tree | 04bbe357f30d3cc370dcb9ed325b2acb0b1be1fa /binutils/elfcomm.c | |
parent | 5860e3f883597cf6b8a937547015394edc1e8784 (diff) | |
More fixes for invalid memory accesses exposed by fuzzed binaries.
PR binutils/17531
* dwarf.c (decode_location_expression): Check for an out of range
value for a DW_OP_GNU_entry_value expression.
(display_debug_lines_raw): Check for a partial
.debug_line. section being encountered without a prior, full
.debug.line section.
(display_debug_lines_decoded): Likewise. Also check for
li_line_range being zero.
(display_debug_pubnames_worker): Check for an invalid pn_length
field.
(read_cie): Add range checks.
* elfcomm.c (setup_archive): Check for a negative longnames_size.
Diffstat (limited to 'binutils/elfcomm.c')
-rw-r--r-- | binutils/elfcomm.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/binutils/elfcomm.c b/binutils/elfcomm.c index 0cdcf63..0fdbcfb 100644 --- a/binutils/elfcomm.c +++ b/binutils/elfcomm.c @@ -655,6 +655,14 @@ setup_archive (struct archive_info *arch, const char *file_name, file_name, arch->longnames_size); return 1; } + /* PR 17531: file: 639d6a26. */ + if ((signed long) arch->longnames_size < 0) + { + error (_("%s: long name table is too big, (size = 0x%lx)\n"), + file_name, arch->longnames_size); + return 1; + } + arch->next_arhdr_offset += sizeof arch->arhdr + arch->longnames_size; /* Plus one to allow for a string terminator. */ @@ -676,6 +684,8 @@ setup_archive (struct archive_info *arch, const char *file_name, if ((arch->longnames_size & 1) != 0) getc (file); + + arch->longnames[arch->longnames_size] = 0; } return 0; |
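Review bot: In the first hunk (setup_archive, at -655), the `(signed long) arch->longnames_size < 0` test only rejects sizes whose top bit is set. A size just below that threshold still passes and flows into `arch->next_arhdr_offset += sizeof arch->arhdr + arch->longnames_size` and into the plus-one sizing mentioned in the following comment, where the arithmetic can still overflow. Consider bounding longnames_size against the size of the archive file (or the bytes remaining after the header) rather than relying on the sign bit. Minor: the message "long name table is too big, (size = 0x%lx)" has a stray comma, and the comment "PR 17531: file: 639d6a26." does not say what the check guards against.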
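Review bot: In the second hunk (setup_archive, at -676), the store `arch->longnames[arch->longnames_size] = 0;` is in bounds only if the buffer was sized with the extra byte that the earlier context comment "Plus one to allow for a string terminator" refers to, and nothing at the store says so. Add a short comment tying this line to that allocation, or write the terminator immediately after the allocation so the size and the index sit next to each other and cannot drift apart in a later change.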