diff options
| author | Nick Clifton <nickc@redhat.com> | 2016-08-08 13:20:04 +0100 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2016-08-08 13:20:04 +0100 |
| commit | d8024a9189b9e686e403512a96e4256823b5c6e4 (patch) | |
| tree | 0b858324d0bded058516cc8557c9bdf027173bdd /binutils/readelf.c | |
| parent | 8a286b63457628b0a55d395f14005f254512e27d (diff) | |
| download | gdb-d8024a9189b9e686e403512a96e4256823b5c6e4.zip gdb-d8024a9189b9e686e403512a96e4256823b5c6e4.tar.gz gdb-d8024a9189b9e686e403512a96e4256823b5c6e4.tar.bz2 | |
Fix seg-faults when running readelf on fuzzed binaries.
PR binutils/20440
* dwarf.c (display_debug_lines_decoded): Add checks for running
off the end of the section when populating the directory table and
file table.
(frame_display_row): Set max_regs equal to ncols.
(load_specific_debug_section): If the section is compressed, but
it is not big enough to hold a compression header then warn and
return 0.
Diffstat (limited to 'binutils/readelf.c')
| -rw-r--r-- | binutils/readelf.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/binutils/readelf.c b/binutils/readelf.c index 4c7ad4c..e6674c2 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -5622,6 +5622,7 @@ get_compression_header (Elf_Internal_Chdr *chdr, unsigned char *buf) if (is_32bit_elf) { Elf32_External_Chdr *echdr = (Elf32_External_Chdr *) buf; + chdr->ch_type = BYTE_GET (echdr->ch_type); chdr->ch_size = BYTE_GET (echdr->ch_size); chdr->ch_addralign = BYTE_GET (echdr->ch_addralign); @@ -5630,6 +5631,7 @@ get_compression_header (Elf_Internal_Chdr *chdr, unsigned char *buf) else { Elf64_External_Chdr *echdr = (Elf64_External_Chdr *) buf; + chdr->ch_type = BYTE_GET (echdr->ch_type); chdr->ch_size = BYTE_GET (echdr->ch_size); chdr->ch_addralign = BYTE_GET (echdr->ch_addralign); @@ -6086,12 +6088,15 @@ process_section_headers (FILE * file) /* Minimum section size is 12 bytes for 32-bit compression header + 12 bytes for compressed data header. */ unsigned char buf[24]; + assert (sizeof (buf) >= sizeof (Elf64_External_Chdr)); if (get_data (&buf, (FILE *) file, section->sh_offset, 1, sizeof (buf), _("compression header"))) { Elf_Internal_Chdr chdr; - get_compression_header (&chdr, buf); + + (void) get_compression_header (&chdr, buf); + if (chdr.ch_type == ELFCOMPRESS_ZLIB) printf (" ZLIB, "); else @@ -12573,8 +12578,17 @@ load_specific_debug_section (enum dwarf_section_display_enum debug, if ((sec->sh_flags & SHF_COMPRESSED) != 0) { Elf_Internal_Chdr chdr; - unsigned int compression_header_size - = get_compression_header (&chdr, start); + unsigned int compression_header_size; + + if (size < sizeof chdr) + { + warn (_("compressed section %s is too small to contain a compression header"), + section->name); + return 0; + } + + compression_header_size = get_compression_header (&chdr, start); + if (chdr.ch_type != ELFCOMPRESS_ZLIB) { warn (_("section '%s' has unsupported compress type: %d\n"), |