From c458d0079cc5e8ff29256355e6532ad2f96a8aa6 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Wed, 21 Jun 2017 10:54:04 +0100 Subject: [PATCH] Fix address violation when parsing a corrupt IEEE binary. PR binutils/21633 * ieee.c (ieee_slurp_sections): Check for a NULL return from read_id. (ieee_archive_p): Likewise. (ieee_object_p): Likewise. --- bfd/ChangeLog | 8 ++++++++ bfd/ieee.c | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 9bc63e1..9e1cb05 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,5 +1,13 @@ 2017-06-21 Nick Clifton + PR binutils/21633 + * ieee.c (ieee_slurp_sections): Check for a NULL return from + read_id. + (ieee_archive_p): Likewise. + (ieee_object_p): Likewise. + +2017-06-21 Nick Clifton + PR binutils/21640 * elf.c (setup_group): Zero the group section pointer list after allocation so that loops can be caught. Check for NULL pointers diff --git a/bfd/ieee.c b/bfd/ieee.c index 08d08d4..958a40b 100644 --- a/bfd/ieee.c +++ b/bfd/ieee.c @@ -1246,6 +1246,8 @@ ieee_slurp_sections (bfd *abfd) /* Read section name, use it if non empty. */ name = read_id (&ieee->h); + if (name == NULL) + return FALSE; if (name[0]) section->name = name; @@ -1395,6 +1397,8 @@ ieee_archive_p (bfd *abfd) (void) next_byte (&(ieee->h)); library = read_id (&(ieee->h)); + if (library == NULL) + goto got_wrong_format_error; if (strcmp (library, "LIBRARY") != 0) goto got_wrong_format_error; @@ -1922,9 +1926,13 @@ ieee_object_p (bfd *abfd) ieee->section_table_size = 0; processor = ieee->mb.processor = read_id (&(ieee->h)); + if (processor == NULL) + goto got_wrong_format; if (strcmp (processor, "LIBRARY") == 0) goto got_wrong_format; ieee->mb.module_name = read_id (&(ieee->h)); + if (ieee->mb.module_name == NULL) + goto got_wrong_format; if (abfd->filename == (const char *) NULL) abfd->filename = xstrdup (ieee->mb.module_name); -- 2.7.4
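Review bot: In ieee_slurp_sections the new `return FALSE;` sets no BFD error within the hunk, so the caller learns that section parsing failed but not why, unless read_id records an error itself (its body is not shown here). If it does not, adding `bfd_set_error (bfd_error_bad_value);` before the return would make the corrupt-input case diagnosable. A one-line comment above the check, such as `/* read_id returns NULL if the identifier could not be read.  */`, would also document the contract that all three fixes rely on. The body of ieee_slurp_sections starts and ends outside this hunk, so any state the early return leaves half-built cannot be judged from here.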
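Review bot: In ieee_archive_p a NULL from read_id is routed to `got_wrong_format_error`, and ieee_object_p does the same with `got_wrong_format` for both of its new checks, so every read_id failure is reported as "not this format". If read_id can also return NULL because an allocation failed (not visible in this patch), that cause is replaced by a format mismatch and the caller may go on probing other formats instead of stopping. It is worth confirming what the two labels set and, if either function has an exit that preserves the error already recorded, using it for the NULL case. Both function bodies continue outside their hunks.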
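Review bot: With the two checks in ieee_object_p the patch guards four read_id results, each with a hand-written NULL test, so any call site not touched here would keep the original crash on the same kind of corrupt file. Whether ieee.c has further read_id callers cannot be seen from these hunks; a search for `read_id (` before merging would settle it. Note also that `ieee->mb.processor` is assigned before it is tested, so the structure holds NULL on the `got_wrong_format` path, which is safe only if nothing reads that field there.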