author | Nick Clifton <nickc@redhat.com> | 2015-02-10 17:13:31 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2015-02-10 17:13:31 +0000 |
commit | 03a91817f163986f10cb843f58e2f2cd9186e4f0 (patch) | |
tree | 191b2434a366bef2d4e25cd84dacf420123da541 /binutils | |
parent | 77ef86547510cee3a2bff27bea9f19f0b2715bae (diff) | |
Fixes for memory access violations triggered by running readelf on fuzzed binaries.
PR binutils/17531
* dwarf.c (process_debug_info): Zero the debug information array
since correct initialisation cannot be relied upon.
(process_cu_tu_index): Improve range checks.
Diffstat (limited to 'binutils')
-rw-r--r-- | binutils/ChangeLog | 5 |
-rw-r--r-- | binutils/dwarf.c | 11 |
2 files changed, 14 insertions, 2 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 93cab73..4befee3 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -17,6 +17,11 @@ li_prologue_length. (eh_addr_size): Update prototype. + PR binutils/17531 + * dwarf.c (process_debug_info): Zero the debug information array + since correct initialisation cannot be relied upon. + (process_cu_tu_index): Improve range checks. + 2015-02-09 Mark Wielaard <mjw@redhat.com> * dwarf.c (read_and_display_attr_value): Handle DW_LANG_Fortran03 diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 9daf315..426dca5 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -2304,6 +2304,13 @@ process_debug_info (struct dwarf_section *section, alloc_num_debug_info_entries = num_debug_info_entries = 0; return 0; } + /* PR 17531: file: 92ca3797. + We cannot rely upon the debug_information array being initialised + before it is used. A corrupt file could easily contain references + to a unit for which information has not been made available. So + we ensure that the array is zeroed here. */ + memset (debug_information, 0, num_units * sizeof * debug_information); + alloc_num_debug_info_entries = num_units; } @@ -6913,7 +6920,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display) ppool = pindex + nslots * 4; /* PR 17531: file: 45d69832. */ - if (pindex < phash || ppool < phdr) + if (pindex < phash || ppool < phdr || (pindex == phash && nslots != 0)) { warn (_("Section %s is too small for %d slots\n"), section->name, nslots); @@ -6930,7 +6937,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display) printf (_(" Number of slots: %d\n\n"), nslots); } - if (ppool > limit) + if (ppool > limit || ppool < phdr) { warn (_("Section %s too small for %d hash table entries\n"), section->name, nslots); |
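Review bot: In the process_debug_info hunk, the added memset repeats a size computation, `num_units * sizeof * debug_information`, that has to stay in step with the allocation it follows, and that allocation is outside the visible lines. If the buffer comes from a plain malloc-style call, switching that call to a zeroing allocator would remove the separate memset and the chance of the two sizes drifting apart; if the memset stays, `sizeof (*debug_information)` reads more clearly than `sizeof * debug_information`. The comment gives the reason well, but "file: 92ca3797" tells a reader nothing without the PR attachments, so a few words on what kind of reference in the corrupt file reached an uninitialised entry would help.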
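Review bot: In the first process_cu_tu_index hunk, the test `pindex < phash || ppool < phdr || (pindex == phash && nslots != 0)` detects an oversized nslots only after `ppool = pindex + nslots * 4` has already formed the pointers, so it depends on the arithmetic wrapping in a predictable way. Forming a pointer beyond the end of the section is undefined in C, and a compiler is allowed to assume such comparisons are always false; the new `pindex == phash` clause also appears to cover only the case where the offset wraps to exactly zero. Comparing nslots against the number of bytes remaining in the section, as an integer test done before any pointer is computed, would cover all of these cases in one check.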
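Review bot: In the second process_cu_tu_index hunk, the added `ppool < phdr` repeats a condition that the earlier test a few lines above already checks, and the only statement visible between the two is a printf. If the earlier warning branch returns, this clause can never be true and could be dropped; if it does not return, or ppool is changed on a path not shown here, a short comment saying why the test is needed twice would help. The warning text still says the section is "too small for %d hash table entries", which does not describe the wrapped-pointer case the new clause is meant to catch.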