From 5a3f568b70bdfb91aacdfb66657b56d8c6d242f1 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Mon, 3 Nov 2014 17:44:00 +0000 Subject: More fixes for buffer overruns instigated by corrupt binaries. PR binutils/17512 * objdump.c (slurp_symtab): Fail gracefully if the table could not be read. (dump_relocs_in_section): Likewise. * aoutx.h (slurp_symbol_table): Check that computed table size is not bigger than the file from which is it being read. (slurp_reloc_table): Likewise. * coffcode.h (coff_slurp_line_table): Remove unneeded local 'warned'. Do not try to print the details of a symbol with an invalid index. * coffgen.c (make_a_sectiobn_from_file): Check computed string index against length of string table. (bfd_coff_internal_syment_name): Check read in string offset against length of string table. (build_debug_section): Return a pointer to the section used. (_bfd_coff_read_string_table): Store the length of the string table in the coff_tdata structure. (bfd_coff_free_symbols): Set the length of the string table to zero when it is freed. (coff_get_normalized_symtab): Check offsets against string table or data table lengths as appropriate. * cofflink.c (_bfd_coff_link_input_bfd): Check offset against length of string table. * compress.c (bfd_get_full_section_contents): Check computed size against the size of the file. * libcoff-in.h (obj_coff_strings_len): Define. (struct coff_tdata): Add strings_len field. * libcoff.h: Regenerate. * peXXigen.c (pe_print_debugdata): Do not attempt to print the data if the debug section is too small. * xcofflink.c (xcoff_link_input_bfd): Check offset against length of string table. --- binutils/objdump.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'binutils/objdump.c') diff --git a/binutils/objdump.c b/binutils/objdump.c index 413de56..f6c4c16 100644 --- a/binutils/objdump.c +++ b/binutils/objdump.c @@ -562,7 +562,10 @@ slurp_symtab (bfd *abfd) storage = bfd_get_symtab_upper_bound (abfd); if (storage < 0) - bfd_fatal (bfd_get_filename (abfd)); + { + non_fatal (_("failed to read symbol table from: %s"), bfd_get_filename (abfd)); + bfd_fatal (_("error message was")); + } if (storage) sy = (asymbol **) xmalloc (storage); @@ -3108,7 +3111,11 @@ dump_relocs_in_section (bfd *abfd, relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms); if (relcount < 0) - bfd_fatal (bfd_get_filename (abfd)); + { + printf ("\n"); + non_fatal (_("failed to read relocs in: %s"), bfd_get_filename (abfd)); + bfd_fatal (_("error message was")); + } else if (relcount == 0) printf (" (none)\n\n"); else -- cgit v1.1