From 033539e2685156ad6ad60e5925bc61cef5ced483 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Tue, 16 Dec 2014 14:17:15 +0000 Subject: Fix a memory access violation triggeed by a fuzzed binary. PR binutils/17512 * format.c (bfd_check_format_matches): Check for a matching vector before using match priorities. * mach-o.c (bfd_mach_o_canonicalize_one_reloc): Fix off-by-one errors with previous delta. --- bfd/ChangeLog | 8 ++++++++ bfd/format.c | 2 +- bfd/mach-o.c | 6 ++++-- 3 files changed, 13 insertions(+), 3 deletions(-) (limited to 'bfd') diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 561c603..6152f51 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,11 @@ +2014-12-16 Nick Clifton + + PR binutils/17512 + * format.c (bfd_check_format_matches): Check for a matching vector + before using match priorities. + * mach-o.c (bfd_mach_o_canonicalize_one_reloc): Fix off-by-one + errors with previous delta. + 2014-12-15 H.J. Lu PR ld/17713 diff --git a/bfd/format.c b/bfd/format.c index c4bc944..f0d1e66 100644 --- a/bfd/format.c +++ b/bfd/format.c @@ -402,7 +402,7 @@ bfd_check_format_matches (bfd *abfd, bfd_format format, char ***matching) /* We still have more than one equally good match, and at least some of the targets support match priority. Choose the first of the best matches. */ - if (match_count > 1 && best_count != match_count) + if (matching_vector && match_count > 1 && best_count != match_count) { int i; diff --git a/bfd/mach-o.c b/bfd/mach-o.c index 31ffa84..61d60db 100644 --- a/bfd/mach-o.c +++ b/bfd/mach-o.c @@ -1350,7 +1350,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd, if (reloc.r_extern) { /* PR 17512: file: 8396-1185-0.004. */ - if (num >= bfd_get_symcount (abfd)) + if (bfd_get_symcount (abfd) > 0 && num > bfd_get_symcount (abfd)) sym = bfd_und_section_ptr->symbol_ptr_ptr; else /* An external symbol number. */ @@ -1368,7 +1368,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd, else { /* PR 17512: file: 006-2964-0.004. */ - if (num >= mdata->nsects) + if (num > mdata->nsects) return -1; /* A section number. */ @@ -1400,6 +1400,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd, if (!(*bed->_bfd_mach_o_swap_reloc_in)(res, &reloc)) return -1; + return 0; } @@ -1414,6 +1415,7 @@ bfd_mach_o_canonicalize_relocs (bfd *abfd, unsigned long filepos, /* Allocate and read relocs. */ native_size = count * BFD_MACH_O_RELENT_SIZE; + native_relocs = (struct mach_o_reloc_info_external *) bfd_malloc (native_size); if (native_relocs == NULL) -- cgit v1.1