Fix more memory faults uncovered by fuzzing various executables.
PR binutils/17512 * dwarf.c (read_and_display_attr_value): Check that we do not read past end. (display_debug_pubnames_worker): Add range checks. (process_debug_info): Check for invalid pointer sizes. (display_loc_list): Likewise. (display_loc_list_dwo): Likewise. (display_debug_ranges): Likewise. (display_debug_aranges): Check for invalid address size. (read_cie): Add range checks. Replace call to strchr with while loop. * objdump.c (dump_dwarf): Replace abort with a warning message. (print_section_stabs): Improve range checks. * rdcoff.c (coff_get_slot): Use long for indx parameter type. Add check for an excessively large index. * rddbg.c (read_section_stabs_debugging_info): Zero terminate the string table. Avoid walking off the end of the stabs data. * stabs.c (parse_stab_string): Add check for a NULL name. PR binutils/17512 * coffcode.h (coff_slurp_line_table): Set the line number of corrupt entries to -1. (coff_slurp_symbol_table): Always initialise the value of the symbol. * coffgen.c (coff_print_symbol): Check that the combined pointer is valid. (coff_print_symbol): Do not print negative line numbers. * peXXigen.c (pe_print_idata): Add range checking when displaying member names.
parent
40e91bc71f
commit
f41e4712a7
10 changed files with 244 additions and 82 deletions
|
@ -2388,7 +2388,12 @@ dump_dwarf (bfd *abfd)
|
|||
else if (bfd_little_endian (abfd))
|
||||
byte_get = byte_get_little_endian;
|
||||
else
|
||||
abort ();
|
||||
/* PR 17512: file: objdump-s-endless-loop.tekhex. */
|
||||
{
|
||||
warn (_("File %s does not contain any dwarf debug information\n"),
|
||||
bfd_get_filename (abfd));
|
||||
return;
|
||||
}
|
||||
|
||||
switch (bfd_get_arch (abfd))
|
||||
{
|
||||
|
@ -2496,7 +2501,7 @@ print_section_stabs (bfd *abfd,
|
|||
|
||||
We start the index at -1 because there is a dummy symbol on
|
||||
the front of stabs-in-{coff,elf} sections that supplies sizes. */
|
||||
for (i = -1; stabp < stabs_end; stabp += STABSIZE, i++)
|
||||
for (i = -1; stabp <= stabs_end - STABSIZE; stabp += STABSIZE, i++)
|
||||
{
|
||||
const char *name;
|
||||
unsigned long strx;
|
||||
|
@ -2534,10 +2539,13 @@ print_section_stabs (bfd *abfd,
|
|||
}
|
||||
else
|
||||
{
|
||||
bfd_size_type amt = strx + file_string_table_offset;
|
||||
|
||||
/* Using the (possibly updated) string table offset, print the
|
||||
string (if any) associated with this symbol. */
|
||||
if ((strx + file_string_table_offset) < stabstr_size)
|
||||
printf (" %s", &strtab[strx + file_string_table_offset]);
|
||||
if (amt < stabstr_size)
|
||||
/* PR 17512: file: 079-79389-0.001:0.1. */
|
||||
printf (" %.*s", (int)(stabstr_size - amt), strtab + amt);
|
||||
else
|
||||
printf (" *");
|
||||
}
|
||||
|
|
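Review bot: The new `printf (" %.*s", (int)(stabstr_size - amt), strtab + amt);` in print_section_stabs narrows a bfd_size_type difference to int, so a string table with more than INT_MAX bytes remaining can yield a negative precision, which printf treats as no precision at all, leaving the read bounded only by a NUL terminator again. Clamping before the cast keeps the bound, e.g. `bfd_size_type left = stabstr_size - amt;` followed by `printf (" %.*s", (int) (left > INT_MAX ? INT_MAX : left), strtab + amt);`. In the same function the loop guard `stabp <= stabs_end - STABSIZE` forms a pointer before the start of the buffer when the section is shorter than STABSIZE, which is undefined; `stabs_end - stabp >= STABSIZE` expresses the same bound without leaving the object, assuming stabs_end is the one-past-the-end pointer as its name suggests. print_section_stabs begins and ends outside both hunks, so the declarations of these variables are not visible here.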