diff options
| author | Alan Modra <amodra@gmail.com> | 2020-03-09 21:26:05 +1030 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2020-03-09 21:38:48 +1030 |
| commit | 95099889938ef50922779a0db03f277eea8747b5 (patch) | |
| tree | 74ec293db6ce991b5bee0bcb34c484dcbbf5fa74 /binutils | |
| parent | 865e20278c2665c13946a32ae67f55161b0d56d7 (diff) | |
| download | gdb-95099889938ef50922779a0db03f277eea8747b5.zip gdb-95099889938ef50922779a0db03f277eea8747b5.tar.gz gdb-95099889938ef50922779a0db03f277eea8747b5.tar.bz2 | |
PR25645, readelf segfault reading fuzzed alpha-vms binary
PR 25645
* readelf.c (dump_ia64_vms_dynamic_fixups): Pass size and nmemb
to get_data rather than multiplying.
(dump_ia64_vms_dynamic_relocs): Likewise.
(process_version_sections): Correct order of size and nmemb args
in get_data call.
(process_mips_specific): Likewise.
Diffstat (limited to 'binutils')
| -rw-r--r-- | binutils/ChangeLog | 10 | ||||
| -rw-r--r-- | binutils/readelf.c | 24 |
2 files changed, 22 insertions, 12 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog index b520cc9..05c2939 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,13 @@ +2020-03-09 Alan Modra <amodra@gmail.com> + + PR 25645 + * readelf.c (dump_ia64_vms_dynamic_fixups): Pass size and nmemb + to get_data rather than multiplying. + (dump_ia64_vms_dynamic_relocs): Likewise. + (process_version_sections): Correct order of size and nmemb args + in get_data call. + (process_mips_specific): Likewise. + 2020-03-08 H.J. Lu <hongjiu.lu@intel.com> * readelf.c (get_dynamic_data): Replace "memory chekers" with diff --git a/binutils/readelf.c b/binutils/readelf.c index 0df2af8..260ea33 100644 --- a/binutils/readelf.c +++ b/binutils/readelf.c @@ -7091,7 +7091,7 @@ dump_ia64_vms_dynamic_fixups (Filedata * filedata, const char * lib_name; imfs = get_data (NULL, filedata, dynamic_addr + fixup->fixup_rela_off, - 1, fixup->fixup_rela_cnt * sizeof (*imfs), + sizeof (*imfs), fixup->fixup_rela_cnt, _("dynamic section image fixups")); if (!imfs) return FALSE; @@ -7140,7 +7140,7 @@ dump_ia64_vms_dynamic_relocs (Filedata * filedata, struct ia64_vms_dynimgrela *i long i; imrs = get_data (NULL, filedata, dynamic_addr + imgrela->img_rela_off, - 1, imgrela->img_rela_cnt * sizeof (*imrs), + sizeof (*imrs), imgrela->img_rela_cnt, _("dynamic section image relocations")); if (!imrs) return FALSE; @@ -10898,9 +10898,9 @@ process_version_sections (Filedata * filedata) off = offset_from_vma (filedata, version_info[DT_VERSIONTAGIDX (DT_VERSYM)], total * sizeof (short)); - edata = (unsigned char *) get_data (NULL, filedata, off, total, - sizeof (short), - _("version symbol data")); + edata = (unsigned char *) get_data (NULL, filedata, off, + sizeof (short), total, + _("version symbol data")); if (!edata) { free (strtab); @@ -16639,9 +16639,9 @@ process_mips_specific (Filedata * filedata) size_t cnt; elib = (Elf32_External_Lib *) get_data (NULL, filedata, liblist_offset, - liblistno, - sizeof (Elf32_External_Lib), - _("liblist section data")); + sizeof (Elf32_External_Lib), + liblistno, + _("liblist section data")); if (elib) { printf (ngettext ("\nSection '.liblist' contains %lu entry:\n", @@ -17008,8 +17008,8 @@ process_mips_specific (Filedata * filedata) Elf32_External_Conflict * econf32; econf32 = (Elf32_External_Conflict *) - get_data (NULL, filedata, conflicts_offset, conflictsno, - sizeof (* econf32), _("conflict")); + get_data (NULL, filedata, conflicts_offset, + sizeof (*econf32), conflictsno, _("conflict")); if (!econf32) return FALSE; @@ -17023,8 +17023,8 @@ process_mips_specific (Filedata * filedata) Elf64_External_Conflict * econf64; econf64 = (Elf64_External_Conflict *) - get_data (NULL, filedata, conflicts_offset, conflictsno, - sizeof (* econf64), _("conflict")); + get_data (NULL, filedata, conflicts_offset, + sizeof (*econf64), conflictsno, _("conflict")); if (!econf64) return FALSE; |