This is the mail archive of the binutils-cvs@sourceware.org mailing list for the binutils project.



[binutils-gdb] Fix address violation when parsing a corrupt IEEE binary.


https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c458d0079cc5e8ff29256355e6532ad2f96a8aa6

commit c458d0079cc5e8ff29256355e6532ad2f96a8aa6
Author: Nick Clifton <nickc@redhat.com>
Date:   Wed Jun 21 10:54:04 2017 +0100

    Fix address violation when parsing a corrupt IEEE binary.
    
    	PR binutils/21633
    	* ieee.c (ieee_slurp_sections): Check for a NULL return from
    	read_id.
    	(ieee_archive_p): Likewise.
    	(ieee_object_p): Likewise.

Diff:
---
 bfd/ChangeLog | 8 ++++++++
 bfd/ieee.c    | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 9bc63e1..9e1cb05 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,13 @@
 2017-06-21  Nick Clifton  <nickc@redhat.com>
 
+	PR binutils/21633
+	* ieee.c (ieee_slurp_sections): Check for a NULL return from
+	read_id.
+	(ieee_archive_p): Likewise.
+	(ieee_object_p): Likewise.
+
+2017-06-21  Nick Clifton  <nickc@redhat.com>
+
 	PR binutils/21640
 	* elf.c (setup_group): Zero the group section pointer list after
 	allocation so that loops can be caught.  Check for NULL pointers
diff --git a/bfd/ieee.c b/bfd/ieee.c
index 08d08d4..958a40b 100644
--- a/bfd/ieee.c
+++ b/bfd/ieee.c
@@ -1246,6 +1246,8 @@ ieee_slurp_sections (bfd *abfd)
 
 		/* Read section name, use it if non empty.  */
 		name = read_id (&ieee->h);
+		if (name == NULL)
+		  return FALSE;
 		if (name[0])
 		  section->name = name;
 
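Review bot: the new `return FALSE` for a NULL `name` in ieee_slurp_sections does not set a BFD error in the lines shown, so unless read_id sets one itself the caller gets a failure with no reason attached. Consider calling `bfd_set_error (bfd_error_bad_value);` before the return, and add a short comment that NULL here means the ID ran past the end of a corrupt file, since the existing comment only covers the empty-name case.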
@@ -1395,6 +1397,8 @@ ieee_archive_p (bfd *abfd)
   (void) next_byte (&(ieee->h));
 
   library = read_id (&(ieee->h));
+  if (library == NULL)
+    goto got_wrong_format_error;    
   if (strcmp (library, "LIBRARY") != 0)
     goto got_wrong_format_error;
 
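Review bot: the added `goto got_wrong_format_error;` line in ieee_archive_p carries trailing whitespace, and the NULL test duplicates the branch target of the strcmp test directly below it. Folding the two into `if (library == NULL || strcmp (library, "LIBRARY") != 0)` keeps a single exit and removes the stray whitespace.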
@@ -1922,9 +1926,13 @@ ieee_object_p (bfd *abfd)
   ieee->section_table_size = 0;
 
   processor = ieee->mb.processor = read_id (&(ieee->h));
+  if (processor == NULL)
+    goto got_wrong_format;    
   if (strcmp (processor, "LIBRARY") == 0)
     goto got_wrong_format;
   ieee->mb.module_name = read_id (&(ieee->h));
+  if (ieee->mb.module_name == NULL)
+    goto got_wrong_format;
   if (abfd->filename == (const char *) NULL)
     abfd->filename = xstrdup (ieee->mb.module_name);
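Review bot: in ieee_object_p the result of read_id is stored into `ieee->mb.processor` before it is checked, so on the new failure path the structure is left holding a NULL processor; confirm that got_wrong_format discards `ieee` without reading that field, or assign it only after the check. The first added `goto got_wrong_format;` also has trailing whitespace. The module_name check is well placed, since it guards the `xstrdup (ieee->mb.module_name)` call that follows.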

