This is the mail archive of the binutils-cvs@sourceware.org mailing list for the binutils project.



[binutils-gdb] Fix address violation parsing a corrupt SOM binary.


https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d19237d98d5c227bc33693057eb466702386cdfb

commit d19237d98d5c227bc33693057eb466702386cdfb
Author: Nick Clifton <nickc@redhat.com>
Date:   Thu Jun 22 10:33:56 2017 +0100

    Fix address violation parsing a corrupt SOM binary.
    
    	PR binutils/21649
    	* som.c (setup_sections): NUL terminate the space_strings buffer.
    	Check that the space.name field does not index beyond the end of
    	the space_strings buffer.

Diff:
---
 bfd/ChangeLog | 7 +++++++
 bfd/som.c     | 9 +++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index b1cf4f9..57a07a5 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2017-06-22  Nick Clifton  <nickc@redhat.com>
+
+	PR binutils/21649
+	* som.c (setup_sections): NUL terminate the space_strings buffer.
+	Check that the space.name field does not index beyond the end of
+	the space_strings buffer.
+
 2017-06-21  Nick Clifton  <nickc@redhat.com>
 
 	PR binutils/21646
diff --git a/bfd/som.c b/bfd/som.c
index 8575c89..98c4124 100644
--- a/bfd/som.c
+++ b/bfd/som.c
@@ -2083,8 +2083,8 @@ setup_sections (bfd *abfd,
 
   /* First, read in space names.  */
   amt = file_hdr->space_strings_size;
-  space_strings = bfd_malloc (amt);
-  if (!space_strings && amt != 0)
+  space_strings = bfd_malloc (amt + 1);
+  if (space_strings == NULL && amt != 0)
     goto error_return;
 
   if (bfd_seek (abfd, current_offset + file_hdr->space_strings_location,
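Review bot: the size passed to bfd_malloc (amt + 1) comes straight from file_hdr->space_strings_size, a value read from the input file, and nothing bounds it before the addition. If amt's type is no wider than that header field, a maximal size makes amt + 1 wrap to 0, so the buffer is smaller than the amt bytes that are read into it afterwards. Suggest rejecting an implausible space_strings_size (for example one larger than the file) before allocating.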
@@ -2092,6 +2092,8 @@ setup_sections (bfd *abfd,
     goto error_return;
   if (bfd_bread (space_strings, amt, abfd) != amt)
     goto error_return;
+  /* Make sure that the string table is NUL terminated.  */
+  space_strings[amt] = 0;
 
   /* Loop over all of the space dictionaries, building up sections.  */
   for (space_index = 0; space_index < file_hdr->space_total; space_index++)
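Review bot: the new store space_strings[amt] = 0 can run with space_strings == NULL. The allocation test earlier in the patch is "space_strings == NULL && amt != 0", so when amt is 0 a failed bfd_malloc (amt + 1) is not treated as an error, the bfd_bread of 0 bytes can return 0 and pass its check, and this line then writes through a NULL pointer. Since the request is now always at least one byte, drop the "&& amt != 0" part so that a NULL return always goes to error_return.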
@@ -2119,6 +2121,9 @@ setup_sections (bfd *abfd,
       som_swap_space_dictionary_in (&ext_space, &space);
 
       /* Setup the space name string.  */
+      if (space.name >= file_hdr->space_strings_size)
+	goto error_return;
+
       space_name = space.name + space_strings;
 
       /* Make a section out of it.  */
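Review bot: the new space.name check jumps to error_return without recording why the file was rejected. If error_return does not set a BFD error itself, call bfd_set_error (bfd_error_bad_value) before the goto so callers can tell a corrupt name offset from other failures. Also, only space.name is bounded here; any other file-supplied offset that setup_sections adds to space_strings needs the same test against space_strings_size.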

