author | Nick Clifton <nickc@redhat.com> | 2015-01-08 15:39:49 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2015-01-08 15:39:49 +0000 |
commit | 063bb0250defafcc55544474a2961ecbc153882e (patch) | |
tree | 5ec4e53c3bbc11fc7ff8dce67ccfacaad5608767 /binutils | |
parent | 848cde35d61874521ad6c88a50f983d5ee7d2307 (diff) | |
Fix memory access violations exposed by running strip on fuzzed binaries.
PR binutils/17512
* coffcode.h (coff_slurp_symbol_table): Return false if we failed
to load the line table.
* elf.c (_bfd_elf_map_sections_to_segments): Enforce a minimum
maxpagesize of 1.
* peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Fail if
the Data Directory Size is too large.
* objcopy.c (copy_object): Free the symbol table if no symbols
could be loaded.
(copy_file): Use bfd_close_all_done to close files that could not
be copied.
Diffstat (limited to 'binutils')
-rw-r--r-- | binutils/ChangeLog | 5 |
-rw-r--r-- | binutils/objcopy.c | 14 |
2 files changed, 18 insertions, 1 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index d6c3070..e6fa3c1 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,6 +1,11 @@ 2015-01-08 Nick Clifton <nickc@redhat.com> PR binutils/17512 + * ojcopy.c (copy_object): Free the symbol table if no symbols + could be loaded. + (copy_file): Use bfd_close_all_done to close files that could not + be copied. + * sysdump.c (getINT): Fail if reading off the end of the buffer. Replace call to abort with a call to fatal. (getCHARS): Prevetn reading off the end of the buffer. diff --git a/binutils/objcopy.c b/binutils/objcopy.c index 25f0131..9524bb8 100644 --- a/binutils/objcopy.c +++ b/binutils/objcopy.c @@ -1776,6 +1776,14 @@ copy_object (bfd *ibfd, bfd *obfd, const bfd_arch_info_type *input_arch) bfd_nonfatal_message (NULL, ibfd, NULL, NULL); return FALSE; } + /* PR 17512: file: d6323821 + If the symbol table could not be loaded do not pretend that we have + any symbols. This trips us up later on when we load the relocs. */ + if (symcount == 0) + { + free (isympp); + osympp = isympp = NULL; + } /* BFD mandates that all output sections be created and sizes set before any output is done. Thus, we traverse all sections multiple times. */ @@ -2552,7 +2560,11 @@ copy_file (const char *input_filename, const char *output_filename, if (! copy_object (ibfd, obfd, input_arch)) status = 1; - if (!bfd_close (obfd)) + /* PR 17512: file: 0f15796a. + If the file could not be copied it may not be in a writeable + state. So use bfd_close_all_done to avoid the possibility of + writing uninitialised data into the file. */ + if (! (status ? bfd_close_all_done (obfd) : bfd_close (obfd))) { status = 1; bfd_nonfatal_message (output_filename, NULL, NULL, NULL); |
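Review bot: The new entry in the binutils/ChangeLog hunk names the file as "ojcopy.c"; it should read "objcopy.c", otherwise a search of the ChangeLog for the file name will miss this PR 17512 entry.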
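Review bot: In the copy_object hunk the comment speaks of a symbol table that "could not be loaded", but the test `if (symcount == 0)` is also true for an input that simply has no symbols, so the comment should say that both cases take this path. The same block sets `osympp` to NULL without freeing it, which is only leak-free if `osympp` aliases `isympp` at this point; a short remark to that effect would help, together with confirmation that the later relocation and symbol-filtering code accepts NULL for both pointers.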
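Review bot: In the copy_file hunk the choice between `bfd_close_all_done (obfd)` and `bfd_close (obfd)` is keyed on `status`, not on the result of `copy_object` itself; if `status` can already be non-zero when this point is reached, a successful copy would be closed without its final write. Keeping the `copy_object` result in a local flag and testing that would tie the decision to the failure the comment describes, and splitting the ternary out of the `if` condition would make the two close paths easier to read.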