Fix more memory faults uncovered by fuzzing various executables.
PR binutils/17512 * dwarf.c (read_and_display_attr_value): Check that we do not read past end. (display_debug_pubnames_worker): Add range checks. (process_debug_info): Check for invalid pointer sizes. (display_loc_list): Likewise. (display_loc_list_dwo): Likewise. (display_debug_ranges): Likewise. (display_debug_aranges): Check for invalid address size. (read_cie): Add range checks. Replace call strchr with while loop. * objdump.c (dump_dwarf): Replace abort with a warning message. (print_section_stabs): Improve range checks. * rdcoff.c (coff_get_slot): Use long for indx parameter type. Add check for an excesively large index. * rddbg.c (read_section_stabs_debugging_info): Zero terminate the string table. Avoid walking off the end of the stabs data. * stabs.c (parse_stab_string): Add check for a NULL name. PR binutils/17512 * coffcode.h (coff_slurp_line_table): Set the line number of corrupt entries to -1. (coff_slurp_symbol_table): Alway initialise the value of the symbol. * coffgen.c (coff_print_symbol): Check that the combined pointer is valid. (coff_print_symbol): Do not print negative line numbers. * peXXigen.c (pe_print_idata): Add range checking displaying member names.
This commit is contained in:
Nick Clifton
parent
40e91bc71f
commit
f41e4712a7
10 changed files with 244 additions and 82 deletions
|
|
@ -836,8 +836,6 @@ parse_stab_string (void *dhandle, struct stab_handle *info, int stabtype,
|
|||
|
||||
case 'G':
|
||||
{
|
||||
char leading;
|
||||
long c;
|
||||
asymbol **ps;
|
||||
|
||||
/* A global symbol. The value must be extracted from the
|
||||
|
|
@ -846,19 +844,27 @@ parse_stab_string (void *dhandle, struct stab_handle *info, int stabtype,
|
|||
(debug_type **) NULL);
|
||||
if (dtype == DEBUG_TYPE_NULL)
|
||||
return FALSE;
|
||||
leading = bfd_get_symbol_leading_char (info->abfd);
|
||||
for (c = info->symcount, ps = info->syms; c > 0; --c, ++ps)
|
||||
if (name != NULL)
|
||||
{
|
||||
const char *n;
|
||||
char leading;
|
||||
long c;
|
||||
|
||||
n = bfd_asymbol_name (*ps);
|
||||
if (leading != '\0' && *n == leading)
|
||||
++n;
|
||||
if (*n == *name && strcmp (n, name) == 0)
|
||||
break;
|
||||
leading = bfd_get_symbol_leading_char (info->abfd);
|
||||
for (c = info->symcount, ps = info->syms; c > 0; --c, ++ps)
|
||||
{
|
||||
const char *n;
|
||||
|
||||
n = bfd_asymbol_name (*ps);
|
||||
if (leading != '\0' && *n == leading)
|
||||
++n;
|
||||
if (*n == *name && strcmp (n, name) == 0)
|
||||
break;
|
||||
}
|
||||
|
||||
if (c > 0)
|
||||
value = bfd_asymbol_value (*ps);
|
||||
}
|
||||
if (c > 0)
|
||||
value = bfd_asymbol_value (*ps);
|
||||
|
||||
if (! stab_record_variable (dhandle, info, name, dtype, DEBUG_GLOBAL,
|
||||
value))
|
||||
return FALSE;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue