From 877a8638ba563c667eb5358240334c473d0573a1 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Tue, 27 Jan 2015 15:49:12 +0000 Subject: Fixes for memory access violations triggered by running addr2line on fuzzed binaries. PR binutils/17512 * addr2line.c (slurp_symtab): If the symcount is zero, free the symbol table pointer. * dwarf2.c (concat_filename): Check for an empty directory table. (scan_unit_for_symbols): Check for reading off the end of the unit. (parse_comp_unit): Check for a DW_AT_comp_dir attribute with a non-string form. * elf64-ppc.c (opd_entry_value): Fail if there are no relocs available. --- bfd/dwarf2.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'bfd/dwarf2.c') diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c index 118092c..ccc1365 100644 --- a/bfd/dwarf2.c +++ b/bfd/dwarf2.c @@ -1387,7 +1387,9 @@ concat_filename (struct line_info_table *table, unsigned int file) char *name; size_t len; - if (table->files[file - 1].dir) + if (table->files[file - 1].dir + /* PR 17512: file: 7f3d2e4b. */ + && table->dirs != NULL) subdir_name = table->dirs[table->files[file - 1].dir - 1]; if (!subdir_name || !IS_ABSOLUTE_PATH (subdir_name)) @@ -2340,6 +2342,10 @@ scan_unit_for_symbols (struct comp_unit *unit) bfd_vma high_pc = 0; bfd_boolean high_pc_relative = FALSE; + /* PR 17512: file: 9f405d9d. */ + if (info_ptr >= unit->stash->info_ptr_end) + goto fail; + abbrev_number = read_unsigned_leb128 (abfd, info_ptr, &bytes_read); info_ptr += bytes_read; @@ -2721,6 +2727,15 @@ parse_comp_unit (struct dwarf2_debug *stash, case DW_AT_comp_dir: { char *comp_dir = attr.u.str; + + /* PR 17512: file: 1fe726be. */ + if (! is_str_attr (attr.form)) + { + (*_bfd_error_handler) + (_("Dwarf Error: DW_AT_comp_dir attribute encountered with a non-string form.")); + comp_dir = NULL; + } + if (comp_dir) { /* Irix 6.2 native cc prepends .: to the compilation -- cgit v1.1