More fixes for invalid memory accesses exposed by fuzzed binaries.
PR binutils/17531 * dwarf.c (decode_location_expression): Check for an out of range value for a DW_OP_GNU_entry_value expression. (display_debug_lines_raw): Check for a partial .debug_line section being encountered without a prior, full .debug_line section. (display_debug_lines_decoded): Likewise. Also check for li_line_range being zero. (display_debug_pubnames_worker): Check for an invalid pn_length field. (read_cie): Add range checks. * elfcomm.c (setup_archive): Check for a negative longnames_size.
parent
5860e3f883
commit
058037d3a1
3 changed files with 83 additions and 12 deletions
|
@ -655,6 +655,14 @@ setup_archive (struct archive_info *arch, const char *file_name,
|
|||
file_name, arch->longnames_size);
|
||||
return 1;
|
||||
}
|
||||
/* PR 17531: file: 639d6a26. */
|
||||
if ((signed long) arch->longnames_size < 0)
|
||||
{
|
||||
error (_("%s: long name table is too big, (size = 0x%lx)\n"),
|
||||
file_name, arch->longnames_size);
|
||||
return 1;
|
||||
}
|
||||
|
||||
arch->next_arhdr_offset += sizeof arch->arhdr + arch->longnames_size;
|
||||
|
||||
/* Plus one to allow for a string terminator. */
|
||||
|
@ -676,6 +684,8 @@ setup_archive (struct archive_info *arch, const char *file_name,
|
|||
|
||||
if ((arch->longnames_size & 1) != 0)
|
||||
getc (file);
|
||||
|
||||
arch->longnames[arch->longnames_size] = 0;
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
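Review bot: The new guard in the first hunk of setup_archive, `if ((signed long) arch->longnames_size < 0)`, rejects only sizes whose top bit is set, so a fuzzed archive header can still claim any length up to LONG_MAX. That value then feeds `arch->next_arhdr_offset` and the allocation that follows the "Plus one" comment. Comparing `arch->longnames_size` with the number of bytes actually left in the archive would bound the whole range; whether a file size is available at this point cannot be seen from the hunk. The cast also relies on implementation-defined conversion if the field is unsigned long, as the `%lx` format suggests; `if (arch->longnames_size > LONG_MAX)` expresses the same test without it. setup_archive begins and ends outside the lines shown.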