This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Re: [binutils-gdb] Fix memory access violations triggered by running addr2line on fuzzed binaries.


On Thu, Feb 12, 2015 at 04:45:42PM -0000, Nick Clifton wrote:
>     	(* elf64-ppc.c (opd_entry_value): Add a check for an overlarge
>     	offset.

Thanks for caring about powerpc, Nick!  I'm tweaking the check a
little to ensure the entire value read is in the buffer.

	PR binutils/17512
	* elf64-ppc.c (opd_entry_value): Tighten offset check.  Remove
	now redundant assert.

diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c
index 542ed1c..d5212d3 100644
--- a/bfd/elf64-ppc.c
+++ b/bfd/elf64-ppc.c
@@ -5952,7 +5952,7 @@ opd_entry_value (asection *opd_sec,
 	}
 
       /* PR 17512: file: 64b9dfbb.  */
-      if (offset > bfd_section_size (opd_bfd, opd_sec))
+      if (offset + 7 >= opd_sec->size || offset + 7 < offset)
 	return (bfd_vma) -1;
 
       val = bfd_get_64 (opd_bfd, contents + offset);
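Review bot: The bare `7` in the new condition `offset + 7 >= opd_sec->size || offset + 7 < offset` is tied to the 8-byte `bfd_get_64` read two lines below, but nothing in the code says so, and the existing comment only names the PR. A short comment that the whole 8-byte entry must lie inside the section would help the next reader. The test could also be written without the wraparound clause, as `opd_sec->size < 8 || offset > opd_sec->size - 8`, which rejects the same offsets and needs no overflow reasoning. The check also switches from `bfd_section_size (opd_bfd, opd_sec)` to `opd_sec->size`. It is only sound if `contents` holds at least `opd_sec->size` bytes, which is not visible in this hunk, so it is worth confirming where `contents` is filled.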
@@ -5996,7 +5996,6 @@ opd_entry_value (asection *opd_sec,
 
   /* Go find the opd reloc at the sym address.  */
   lo = relocs;
-  BFD_ASSERT (lo != NULL);
   hi = lo + opd_sec->reloc_count - 1; /* ignore last reloc */
   val = (bfd_vma) -1;
   while (lo < hi)
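Review bot: With `BFD_ASSERT (lo != NULL)` removed, nothing visible in this hunk guarantees that `relocs` is non-NULL or that `opd_sec->reloc_count` is non-zero before `hi = lo + opd_sec->reloc_count - 1`. With a count of 0 that expression forms a pointer one element before `lo`, and with a NULL `relocs` it is arithmetic on a null pointer. The ChangeLog calls the assert "now redundant", so please point to the earlier check that makes it so, either in the commit message or in a comment here. If no such check covers the zero-reloc case, add an explicit early return of `(bfd_vma) -1` before this line.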

-- 
Alan Modra
Australia Development Lab, IBM

