This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
Re: [binutils-gdb] Fix memory access violations triggered by running addr2line on fuzzed binaries.
- From: Alan Modra <amodra at gmail dot com>
- To: Nick Clifton <nickc at sourceware dot org>
- Cc: binutils at sourceware dot org
- Date: Fri, 13 Feb 2015 11:45:46 +1030
- Subject: Re: [binutils-gdb] Fix memory access violations triggered by running addr2line on fuzzed binaries.
- Authentication-results: sourceware.org; auth=none
- References: <20150212164542 dot 27304 dot qmail at sourceware dot org>
On Thu, Feb 12, 2015 at 04:45:42PM -0000, Nick Clifton wrote:
> (* elf64-ppc.c (opd_entry_value): Add a check for an overlarge
> offset.
Thanks for caring about powerpc, Nick! I'm tweaking the check a
little to ensure the entire value read is in the buffer.
PR binutils/17512
* elf64-ppc.c (opd_entry_value): Tighten offset check. Remove
now redundant assert.
diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c
index 542ed1c..d5212d3 100644
--- a/bfd/elf64-ppc.c
+++ b/bfd/elf64-ppc.c
@@ -5952,7 +5952,7 @@ opd_entry_value (asection *opd_sec,
}
/* PR 17512: file: 64b9dfbb. */
- if (offset > bfd_section_size (opd_bfd, opd_sec))
+ if (offset + 7 >= opd_sec->size || offset + 7 < offset)
return (bfd_vma) -1;
val = bfd_get_64 (opd_bfd, contents + offset);
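Review bot: The bound for the 8-byte read in the new condition is written with a bare 7 and a separate wraparound test, which is easy to misread. Stating it against the read width, for example opd_sec->size < 8 || offset > opd_sec->size - 8, rejects the same cases without relying on offset + 7 wrapping, which only works as an overflow test if offset has an unsigned type. The comment above the test only names the PR, so a line saying that the whole 64-bit value fetched by bfd_get_64 must lie inside the section would help the next reader. The test also switches from bfd_section_size (opd_bfd, opd_sec) to opd_sec->size. The hunk does not show how contents was filled, so it is worth confirming that opd_sec->size is the length of that buffer.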
@@ -5996,7 +5996,6 @@ opd_entry_value (asection *opd_sec,
/* Go find the opd reloc at the sym address. */
lo = relocs;
- BFD_ASSERT (lo != NULL);
hi = lo + opd_sec->reloc_count - 1; /* ignore last reloc */
val = (bfd_vma) -1;
while (lo < hi)
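Review bot: The removed BFD_ASSERT (lo != NULL) is described as redundant, but nothing in this hunk shows the guard that makes it so. A short comment naming the earlier check on relocs would keep the invariant visible at the point where lo is first used. Separately, hi is computed as lo + opd_sec->reloc_count - 1, so a reloc_count of 0 yields a pointer one element before lo. It is worth confirming that this case is excluded before the search loop is reached.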
--
Alan Modra
Australia Development Lab, IBM