aboutsummaryrefslogtreecommitdiff
path: root/binutils
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2015-02-10 17:13:31 +0000
committerNick Clifton <nickc@redhat.com>2015-02-10 17:13:31 +0000
commit03a91817f163986f10cb843f58e2f2cd9186e4f0 (patch)
tree191b2434a366bef2d4e25cd84dacf420123da541 /binutils
parent77ef86547510cee3a2bff27bea9f19f0b2715bae (diff)
downloadgdb-03a91817f163986f10cb843f58e2f2cd9186e4f0.zip
gdb-03a91817f163986f10cb843f58e2f2cd9186e4f0.tar.gz
gdb-03a91817f163986f10cb843f58e2f2cd9186e4f0.tar.bz2
Fixes for memory access violations triggered by running readelf on fuzzed binaries.
PR binutils/17531 * dwarf.c (process_debug_info): Zero the debug information array since correct initialisation cannot be relied upon. (process_cu_tu_index): Improve range checks.
Diffstat (limited to 'binutils')
-rw-r--r--binutils/ChangeLog5
-rw-r--r--binutils/dwarf.c11
2 files changed, 14 insertions, 2 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 93cab73..4befee3 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -17,6 +17,11 @@
li_prologue_length.
(eh_addr_size): Update prototype.
+ PR binutils/17531
+ * dwarf.c (process_debug_info): Zero the debug information array
+ since correct initialisation cannot be relied upon.
+ (process_cu_tu_index): Improve range checks.
+
2015-02-09 Mark Wielaard <mjw@redhat.com>
* dwarf.c (read_and_display_attr_value): Handle DW_LANG_Fortran03
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 9daf315..426dca5 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -2304,6 +2304,13 @@ process_debug_info (struct dwarf_section *section,
alloc_num_debug_info_entries = num_debug_info_entries = 0;
return 0;
}
+ /* PR 17531: file: 92ca3797.
+ We cannot rely upon the debug_information array being initialised
+ before it is used. A corrupt file could easily contain references
+ to a unit for which information has not been made available. So
+ we ensure that the array is zeroed here. */
+ memset (debug_information, 0, num_units * sizeof * debug_information);
+
alloc_num_debug_info_entries = num_units;
}
@@ -6913,7 +6920,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
ppool = pindex + nslots * 4;
/* PR 17531: file: 45d69832. */
- if (pindex < phash || ppool < phdr)
+ if (pindex < phash || ppool < phdr || (pindex == phash && nslots != 0))
{
warn (_("Section %s is too small for %d slots\n"),
section->name, nslots);
@@ -6930,7 +6937,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
printf (_(" Number of slots: %d\n\n"), nslots);
}
- if (ppool > limit)
+ if (ppool > limit || ppool < phdr)
{
warn (_("Section %s too small for %d hash table entries\n"),
section->name, nslots);