author | Nick Clifton <nickc@redhat.com> | 2014-12-08 17:51:46 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2014-12-08 17:51:46 +0000 |
commit | 53774b7e76dc5b3e8cc00d6f7a9d27e6c65830a9 (patch) | |
tree | d83a4ad028139a5ea164eec9bb36fe96115ca3b1 /binutils/elfcomm.c | |
parent | 2ebecbb12e1281fca50fb0361475a01243432825 (diff) | |
More fixes for invalid memory accesses triggered by fuzzed binaries.
PR binutils/17531
* dwarf.c (display_debug_frames): Check for a negative
augmentation data length.
(display_gdb_index): Check for invalid offsets.
* elfcomm.c (process_archive_index_and_symbols): Check for an
index number that overflows when multiplied by the ar index size.
* readelf.c (dump_ia64_unwind): Add range checks.
(slurp_ia64_unwind_table): Change to a boolean function. Add
range checks.
(process_version_sections): Add range checks.
(get_symbol_version_string): Add check for missing section
headers.
Diffstat (limited to 'binutils/elfcomm.c')
-rw-r--r-- | binutils/elfcomm.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/binutils/elfcomm.c b/binutils/elfcomm.c
index bbf1955..0cdcf63 100644
--- a/binutils/elfcomm.c
+++ b/binutils/elfcomm.c
@@ -510,9 +510,11 @@ process_archive_index_and_symbols (struct archive_info * arch,
 arch->index_num = byte_get_big_endian (integer_buffer, sizeof_ar_index);
 size -= sizeof_ar_index;
- if (size < arch->index_num * sizeof_ar_index)
+ if (size < arch->index_num * sizeof_ar_index
+ /* PR 17531: file: 585515d1. */
+ || size < arch->index_num)
 {
- error (_("%s: the archive index is supposed to have %ld entries of %d bytes, but the size is only %ld\n"),
+ error (_("%s: the archive index is supposed to have 0x%lx entries of %d bytes, but the size is only 0x%lx\n"),
 arch->file_name, (long) arch->index_num, sizeof_ar_index, size);
 return FALSE;
 } |
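Review bot: The added `|| size < arch->index_num` test only detects a wrapped product when the entry count itself exceeds `size`, so the guard is a heuristic rather than an exact overflow check. `size` is declared and assigned outside the hunk; if it can be large relative to the width of the type, `arch->index_num * sizeof_ar_index` may still wrap while both comparisons pass. Comparing by division avoids the multiplication entirely and makes the second clause unnecessary: `if (arch->index_num > size / sizeof_ar_index)`. Separately, the new `0x%lx` conversions expect `unsigned long`, so the first argument would match better as `(unsigned long) arch->index_num`, and `size` is passed without a cast although its type is not visible here. The body of process_archive_index_and_symbols starts and ends outside the hunk.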