More fixes for invalid memory accesses triggered by fuzzed binaries.

PR binutils/17531
	* dwarf.c (display_debug_frames): Check for a negative
	augmentation data length.
	(display_gdb_index): Check for invalid offsets.
	* elfcomm.c (process_archive_index_and_symbols): Check for an
	index number that overflows when multiplied by the ar index size.
	* readelf.c (dump_ia64_unwind): Add range checks.
	(slurp_ia64_unwind_table): Change to a boolean function.  Add
	range checks.
	(process_version_sections): Add range checks.
	(get_symbol_version_string): Add check for missing section
	headers.
Nick Clifton 2014-12-08 17:51:46 +00:00
parent 2ebecbb12e
commit 53774b7e76
4 changed files with 139 additions and 24 deletions

@ -510,9 +510,11 @@ process_archive_index_and_symbols (struct archive_info * arch,
arch->index_num = byte_get_big_endian (integer_buffer, sizeof_ar_index);
size -= sizeof_ar_index;
if (size < arch->index_num * sizeof_ar_index)
if (size < arch->index_num * sizeof_ar_index
/* PR 17531: file: 585515d1. */
|| size < arch->index_num)
{
error (_("%s: the archive index is supposed to have %ld entries of %d bytes, but the size is only %ld\n"),
error (_("%s: the archive index is supposed to have 0x%lx entries of %d bytes, but the size is only 0x%lx\n"),
arch->file_name, (long) arch->index_num, sizeof_ar_index, size);
return FALSE;
}
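Review bot: the added `|| size < arch->index_num` clause in the size check catches a wrapped `arch->index_num * sizeof_ar_index` only indirectly, and the error branch is still skipped when the product wraps while `size` is not smaller than `arch->index_num`. A division form such as `arch->index_num > size / sizeof_ar_index` avoids the multiplication entirely and needs no second comparison. In the new error string, `0x%lx` expects an unsigned long but the first value is still passed as `(long) arch->index_num`, so that cast should become `(unsigned long)`; `size` is passed without a cast, so it is worth confirming its declared type matches `%lx` as well.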