author | Nick Clifton <nickc@redhat.com> | 2014-11-12 22:39:58 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2014-11-12 22:39:58 +0000 |
commit | f41e4712a7b7ac60f181e7dfc984ca35c222f0d7 (patch) | |
tree | 6ac324979fd61983fb6a27dccf9fe306725789fa /bfd/coffgen.c | |
parent | GDBserver: clean up 'cont_thread' handling (diff) | |
Fix more memory faults uncovered by fuzzing various executables.
PR binutils/17512
* dwarf.c (read_and_display_attr_value): Check that we do not read
past end.
(display_debug_pubnames_worker): Add range checks.
(process_debug_info): Check for invalid pointer sizes.
(display_loc_list): Likewise.
(display_loc_list_dwo): Likewise.
(display_debug_ranges): Likewise.
(display_debug_aranges): Check for invalid address size.
(read_cie): Add range checks. Replace call strchr with while loop.
* objdump.c (dump_dwarf): Replace abort with a warning message.
(print_section_stabs): Improve range checks.
* rdcoff.c (coff_get_slot): Use long for indx parameter type.
Add check for an excessively large index.
* rddbg.c (read_section_stabs_debugging_info): Zero terminate the
string table. Avoid walking off the end of the stabs data.
* stabs.c (parse_stab_string): Add check for a NULL name.
PR binutils/17512
* coffcode.h (coff_slurp_line_table): Set the line number of
corrupt entries to -1.
(coff_slurp_symbol_table): Always initialise the value of the
symbol.
* coffgen.c (coff_print_symbol): Check that the combined pointer
is valid.
(coff_print_symbol): Do not print negative line numbers.
* peXXigen.c (pe_print_idata): Add range checking displaying
member names.
Diffstat (limited to 'bfd/coffgen.c')
-rw-r--r-- | bfd/coffgen.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/bfd/coffgen.c b/bfd/coffgen.c index aab88e38f17..9dcb3bd9abf 100644 --- a/bfd/coffgen.c +++ b/bfd/coffgen.c @@ -2099,6 +2099,14 @@ coff_print_symbol (bfd *abfd, fprintf (file, "[%3ld]", (long) (combined - root)); + /* PR 17512: file: 079-33786-0.001:0.1. */ + if (combined < obj_raw_syments (abfd) + || combined >= obj_raw_syments (abfd) + obj_raw_syment_count (abfd)) + { + fprintf (file, _("<corrupt info> %s"), symbol->name); + break; + } + if (! combined->fix_value) val = (bfd_vma) combined->u.syment.n_value; else @@ -2192,8 +2200,11 @@ coff_print_symbol (bfd *abfd, l++; while (l->line_number) { - fprintf (file, "\n%4d : ", l->line_number); - bfd_fprintf_vma (abfd, file, l->u.offset + symbol->section->vma); + if (l->line_number > 0) + { + fprintf (file, "\n%4d : ", l->line_number); + bfd_fprintf_vma (abfd, file, l->u.offset + symbol->section->vma); + } l++; } } |
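Review bot: In the first hunk (@@ -2099), the new range check on combined comes after the existing fprintf (file, "[%3ld]", (long) (combined - root)), so for a corrupt symbol the index is still computed from the unvalidated pointer and a meaningless "[...]" value is printed ahead of "<corrupt info>". Consider moving the check above that fprintf, or printing the index only once combined is known to lie between obj_raw_syments (abfd) and obj_raw_syments (abfd) + obj_raw_syment_count (abfd). The break also skips the rest of the output for this symbol; a short comment saying that this is intended would help.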
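Review bot: In the second hunk (@@ -2192), the new "if (l->line_number > 0)" test has no comment explaining that negative values mark corrupt entries (the commit message says coff_slurp_line_table now sets them to -1), and those entries are dropped from the listing silently. A one-line comment, and possibly a visible marker in the output for skipped entries, would make the behaviour clear to readers of both the code and the dump. The loop itself still ends only when "while (l->line_number)" reaches a zero entry; nothing in the visible lines bounds l against the end of the line table, so it is worth confirming that a terminator is guaranteed for corrupt input.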