


[binutils-gdb] Fix illegal memory access errors triggered by running srconv on fuzzed binaries.


https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=951eaaec17411eba4debe19781f6b8b54306256e

commit 951eaaec17411eba4debe19781f6b8b54306256e
Author: Nick Clifton <nickc@redhat.com>
Date:   Fri Feb 13 12:14:05 2015 +0000

    Fix illegal memory access errors triggered by running srconv on fuzzed binaries.
    
    	PR binutils/17512
    	* dwarf.c (read_leb128): Fix test for shift becoming too large.
    
    	* coffgrok.c (do_define): Add check for type size overflow.
    	* srconv.c (walk_tree_sfile): Check that enough sections are
    	available before parsing.
    	(prescan): Likewise.

Diff:
---
 binutils/ChangeLog  | 10 ++++++++++
 binutils/coffgrok.c |  6 ++----
 binutils/srconv.c   |  6 +++++-
 3 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 9b835dd..4325f3a 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,13 @@
+2015-02-13  Nick Clifton  <nickc@redhat.com>
+
+	PR binutils/17512
+	* dwarf.c (read_leb128): Fix test for shift becoming too large.
+
+	* coffgrok.c (do_define): Add check for type size overflow.
+	* srconv.c (walk_tree_sfile): Check that enough sections are
+	available before parsing.
+	(prescan): Likewise.
+
 2015-02-13  Alan Modra  <amodra@gmail.com>
 
 	* dwarf.c: Formatting, whitespace.
diff --git a/binutils/coffgrok.c b/binutils/coffgrok.c
index 2bbfdc4..0b953e8 100644
--- a/binutils/coffgrok.c
+++ b/binutils/coffgrok.c
@@ -668,12 +668,10 @@ do_define (unsigned int i, struct coff_scope *b)
 
 	  if (!is->init)
 	    {
-	      long high = s->where->offset + s->type->size; 
-
 	      is->low = s->where->offset;
-	      is->high = high;
+	      is->high = s->where->offset + s->type->size; 
 	      /* PR 17512: file: 37e7a80d.  */
-	      if (is->high != high)
+	      if (is->high < s->where->offset)
 		fatal (_("Out of range type size: %u"), s->type->size);
 	      is->init = 1;
 	      is->parent = s->where->section;
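Review bot: The new `if (is->high < s->where->offset)` test detects the overflow only after the fact, by assuming the addition wrapped; if `offset`, `size` and `high` are signed `int` (their declarations are outside this hunk), signed overflow is undefined behaviour and GCC may legally fold the comparison away, so the 37e7a80d case can still reach an out-of-range `is->high`. Doing the sum in a wider type and range-checking it before the store does not depend on wraparound: `long long high = (long long) s->where->offset + s->type->size;` / `if (high > INT_MAX || high < INT_MIN) fatal (_("Out of range type size: %u"), s->type->size);` / `is->high = high;` (needs `<limits.h>`, or the same on `bfd_signed_vma`). The `%u` in the message presumes `size` is unsigned; if it is signed this is a `-Wformat` mismatch worth settling at the same time. The rewritten `is->high = ...` line also keeps the trailing space of the line it replaces. do_define starts and ends outside this hunk.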
diff --git a/binutils/srconv.c b/binutils/srconv.c
index 63c6940..7abbb66 100644
--- a/binutils/srconv.c
+++ b/binutils/srconv.c
@@ -1204,6 +1204,8 @@ walk_tree_sfile (struct coff_section *section, struct coff_sfile *sfile)
 static void
 wr_program_structure (struct coff_ofile *p, struct coff_sfile *sfile)
 {
+  if (p->nsections < 4)
+    return;
   walk_tree_sfile (p->sections + 4, sfile);
 }
 
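Review bot: The guard `if (p->nsections < 4)` is off by one for the `p->sections + 4` that follows it: when `nsections` is exactly 4 the guard passes and `walk_tree_sfile` is handed the one-past-the-end element, which is the out-of-bounds access the commit sets out to stop. If `nsections` is the element count of `sections` (its allocation is not in this hunk), the condition should be `if (p->nsections <= 4) return;`. A short comment above the guard, `/* PR 17512: section 4 must exist before it can be walked.  */`, would record why the bound is 4 and match the PR reference used in coffgrok.c. The ChangeLog attributes this check to walk_tree_sfile, but the guard lives in wr_program_structure.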
@@ -1705,6 +1707,9 @@ prescan (struct coff_ofile *otree)
   struct coff_symbol *s;
   struct coff_section *common_section;
 
+  if (otree->nsections < 3)
+    return;
+
   /* Find the common section - always section 3.  */
   common_section = otree->sections + 3;
 
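Review bot: The guard `if (otree->nsections < 3)` has the same off-by-one as the `otree->sections + 3` below it: with exactly 3 sections the guard passes and `common_section` points one past the end of the array, and the loop further down (visible in the next hunk) then writes `common_section->size` through it. If `nsections` is the element count of `sections` (the allocation is outside this hunk), the condition should be `if (otree->nsections <= 3) return;`. Returning silently also leaves every common symbol without the offset this loop assigns, so a malformed input produces a quietly different conversion; a `fatal` diagnostic naming the missing common section, as coffgrok.c does for the bad type size, would make the rejection visible. prescan's body continues past the end of this hunk.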
@@ -1715,7 +1720,6 @@ prescan (struct coff_ofile *otree)
       if (s->visible->type == coff_vis_common)
 	{
 	  struct coff_where *w = s->where;
-
 	  /*      s->visible->type = coff_vis_ext_def; leave it as common */
 	  common_section->size = align (common_section->size);
 	  w->offset = common_section->size + common_section->address;

