diff options
author | Nick Clifton <nickc@redhat.com> | 2015-01-07 16:41:25 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2015-01-07 16:41:25 +0000 |
commit | c88f5b8e495889f5d281a17bd56340d9a0e4cff6 (patch) | |
tree | 5e133afda04cfc1f388722a8887db5752a308e37 /binutils | |
parent | ea42d6f8d1e24403e533e5dfea18e94c47ac534b (diff) | |
download | gdb-c88f5b8e495889f5d281a17bd56340d9a0e4cff6.zip gdb-c88f5b8e495889f5d281a17bd56340d9a0e4cff6.tar.gz gdb-c88f5b8e495889f5d281a17bd56340d9a0e4cff6.tar.bz2 |
Fix memory access violations exposed by running the srconv tool on fuzzed binaries.
PR binutils/17512
* objdump.c (display_any_bfd): Add a depth limit to nested archive
display in order to avoid infinite loops.
* srconv.c: Replace calls to abort with calls to fatal with an
error message.
Diffstat (limited to 'binutils')
-rw-r--r-- | binutils/ChangeLog | 8 | ||||
-rw-r--r-- | binutils/objdump.c | 9 | ||||
-rw-r--r-- | binutils/srconv.c | 28 |
3 files changed, 31 insertions, 14 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 338be86..31a6696 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,11 @@ +2015-01-07 Nick Clifton <nickc@redhat.com> + + PR binutils/17512 + * objdump.c (display_any_bfd): Add a depth limit to nested archive + display in order to avoid infinite loops. + * srconv.c: Replace calls to abort with calls to fatal with an + error message. + 2015-01-06 Nick Clifton <nickc@redhat.com> PR binutils/17512 diff --git a/binutils/objdump.c b/binutils/objdump.c index a8c7d05..22e5ad6 100644 --- a/binutils/objdump.c +++ b/binutils/objdump.c @@ -3406,9 +3406,16 @@ display_any_bfd (bfd *file, int level) { bfd *arfile = NULL; bfd *last_arfile = NULL; - + if (level == 0) printf (_("In archive %s:\n"), bfd_get_filename (file)); + else if (level > 100) + { + /* Prevent corrupted files from spinning us into an + infinite loop. 100 is an arbitrary heuristic. */ + non_fatal (_("Archive nesting is too deep")); + return; + } else printf (_("In nested archive %s:\n"), bfd_get_filename (file)); diff --git a/binutils/srconv.c b/binutils/srconv.c index d2e0cdb..c19c0ed 100644 --- a/binutils/srconv.c +++ b/binutils/srconv.c @@ -167,7 +167,8 @@ checksum (FILE *ffile, unsigned char *ptr, int size, int ccode) last = !(ccode & 0xff00); if (size & 0x7) - abort (); + fatal (_("Checksum failure")); + ptr[0] = ccode | (last ? 0x80 : 0); ptr[1] = bytes + 1; @@ -178,7 +179,7 @@ checksum (FILE *ffile, unsigned char *ptr, int size, int ccode) ptr[bytes] = ~sum; if (fwrite (ptr, bytes + 1, 1, ffile) != 1) /* FIXME: Return error status. */ - abort (); + fatal (_("Failed to write checksum")); } @@ -218,7 +219,7 @@ writeINT (int n, unsigned char *ptr, int *idx, int size, FILE *ffile) ptr[byte + 3] = n >> 0; break; default: - abort (); + fatal (_("Unsupported integer write size: %d"), size); } *idx += size * 8; } @@ -304,7 +305,7 @@ wr_tr (void) if (fwrite (b, sizeof (b), 1, file) != 1) /* FIXME: Return error status. */ - abort (); + fatal (_("Failed to write TR block")); } static void @@ -395,7 +396,8 @@ wr_hd (struct coff_ofile *p) toolname = "C_H8/300S"; break; default: - abort(); + fatal (_("Unrecognized H8300 sub-architecture: %ld"), + bfd_get_mach (abfd)); } rnames = rname_h8300; break; @@ -412,7 +414,7 @@ wr_hd (struct coff_ofile *p) rnames = rname_sh; break; default: - abort (); + fatal (_("Unsupported architecture: %d"), bfd_get_arch (abfd)); } if (! (bfd_get_file_flags(abfd) & EXEC_P)) @@ -866,7 +868,7 @@ walk_tree_type_1 (struct coff_sfile *sfile, struct coff_symbol *symbol, break; default: - abort (); + fatal (_("Unrecognised type: %d"), type->type); } } @@ -995,7 +997,7 @@ walk_tree_symbol (struct coff_sfile *sfile, struct coff_section *section ATTRIBU return; default: - abort (); + fatal (_("Unrecognised coff symbol type: %d"), symbol->type->type); } if (symbol->where->where == coff_where_member_of_struct) @@ -1057,7 +1059,7 @@ walk_tree_symbol (struct coff_sfile *sfile, struct coff_section *section ATTRIBU break; default: - abort (); + fatal (_("Unrecognised coff symbol visibility: %d"), symbol->visible->type); } dsy.dlength = symbol->type->size; @@ -1083,7 +1085,7 @@ walk_tree_symbol (struct coff_sfile *sfile, struct coff_section *section ATTRIBU break; default: - abort (); + fatal (_("Unrecognised coff symbol location: %d"), symbol->where->where); } switch (symbol->where->where) @@ -1128,7 +1130,7 @@ walk_tree_symbol (struct coff_sfile *sfile, struct coff_section *section ATTRIBU break; default: - abort (); + fatal (_("Unrecognised coff symbol location: %d"), symbol->where->where); } if (symbol->where->where == coff_where_register) @@ -1157,7 +1159,7 @@ walk_tree_symbol (struct coff_sfile *sfile, struct coff_section *section ATTRIBU break; default: - abort (); + fatal (_("Unrecognised coff symbol visibility: %d"), symbol->visible->type); } dsy.sfn = 0; @@ -1460,7 +1462,7 @@ wr_cs (void) if (fwrite (b, sizeof (b), 1, file) != 1) /* FIXME: Return error status. */ - abort (); + fatal (_("Failed to write CS struct")); } /* Write out the SC records for a unit. Create an SC |