From: Nick Clifton Date: Thu, 27 Nov 2014 12:19:10 +0000 (+0000) Subject: Fixes a few more memory access violations exposed by fuzzed binaries. X-Git-Tag: gdb-7.9.0-release~495 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1036838a771b96ad9428e8fc7ecc45d3d8e056ce;p=external%2Fbinutils.git Fixes a few more memory access violations exposed by fuzzed binaries. PR binutils/17512 * ecoff.c (_bfd_ecoff_slurp_symbol_table): Warn about and correct a discrepancy between the isymMax and ifdMax values in the symbolic header. * elf.c (_bfd_elf_print_private_bfd_data): Fix the range check scanning the external dynamic entries. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index c379fca..8fe5fe6 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,12 @@ +2014-11-27 Nick Clifton + + PR binutils/17512 + * ecoff.c (_bfd_ecoff_slurp_symbol_table): Warn about and correct + a discrepancy between the isymMax and ifdMax values in the + symbolic header. + * elf.c (_bfd_elf_print_private_bfd_data): Fix the range check + scanning the external dynamic entries. + 2014-11-26 Nick Clifton PR binutils/17512 diff --git a/bfd/ecoff.c b/bfd/ecoff.c index 33e2134..70783b1 100644 --- a/bfd/ecoff.c +++ b/bfd/ecoff.c @@ -905,6 +905,7 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) &internal_ptr->symbol, 1, internal_esym.weakext)) return FALSE; + /* The alpha uses a negative ifd field for section symbols. */ if (internal_esym.ifd >= 0) internal_ptr->fdr = (ecoff_data (abfd)->debug_info.fdr @@ -946,6 +947,20 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) } } + /* PR 17512: file: 3372-3080-0.004. + A discrepancy between ecoff_data (abfd)->debug_info.symbolic_header.isymMax + and ecoff_data (abfd)->debug_info.symbolic_header.ifdMax can mean that + we have fewer symbols than we were expecting. Allow for this by updating + the symbol count and warning the user. */ + if (internal_ptr - internal < bfd_get_symcount (abfd)) + { + bfd_get_symcount (abfd) = internal_ptr - internal; + (*_bfd_error_handler) + (_("%B: warning: isymMax (%ld) is greater than ifdMax (%d)\n"), + abfd, ecoff_data (abfd)->debug_info.symbolic_header.isymMax, + ecoff_data (abfd)->debug_info.symbolic_header.ifdMax); + } + ecoff_data (abfd)->canonical_symbols = internal; return TRUE; diff --git a/bfd/elf.c b/bfd/elf.c index d3a1bb4..de8d97f 100644 --- a/bfd/elf.c +++ b/bfd/elf.c @@ -1254,7 +1254,9 @@ _bfd_elf_print_private_bfd_data (bfd *abfd, void *farg) extdyn = dynbuf; extdynend = extdyn + s->size; - for (; extdyn < extdynend; extdyn += extdynsize) + /* PR 17512: file: id:000006,sig:06,src:000000,op:flip4,pos:5664. + Fix range check. */ + for (; extdyn <= (extdynend - extdynsize); extdyn += extdynsize) { Elf_Internal_Dyn dyn; const char *name = "";