This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

PATCH: Fix dwarf.c


commit 591f7597d447d8d038d6d8e24a706d1d5e32eba1
Author: Nick Clifton <nickc@redhat.com>
Date:   Mon Dec 1 11:19:39 2014 +0000

    Add checks for memory access violations exposed by fuzzed archives.

      PR binutils/17531
      * dwarf.c (process_cu_tu_index): Check for an out of range row
      index.
      * elfcomm.c (adjust_relative_path): Change name_len parameter to
      an unsigned long.  Check for path length overflow.
      (process_archive_index_and_symbols): Check for invalid header
      size.
      (setup_archive): Add checks for invalid archives.
      (get_archive_member_name): Add range checks.
      * elfcomm.h (adjust_relative_path): Update prototyoe.
      * readelf.c (process_archive): Add range checks.

caused:

[hjl@gnu-6 testsuite]$ ../../binutils/readelf -wi dwp_test_1.dwp >
dwp_test_1.stdout
readelf: Warning: Row index (4) is larger than number of used entries (4)
readelf: Warning: Row index (3) is larger than number of used entries (3)
readelf: Warning: Debug info is corrupted, abbrev offset (0) is larger
than abbrev section size (0)
readelf: Warning: DIE at offset b refers to abbreviation number 12
which does not exist
readelf: Warning: Debug info is corrupted, abbrev offset (0) is larger
than abbrev section size (0)
readelf: Warning: DIE at offset 17 refers to abbreviation number 1
which does not exist
[hjl@gnu-6 testsuite]$

in gold testsuite.  I checked in this patch to fix it and verified that
readelf doesn't crash on crashes/samples/a05f6ab3.


-- 
H.J.
---
gnu-6:pts/23[128]> m /tmp/x         /export/gnu/import/git/sources/binutils-gdb
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index ecb7c8b..83a8402 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-01  H.J. Lu  <hongjiu.lu@intel.com>
+
+ * dwarf.c (process_cu_tu_index): Properly check for an out of
+ range row index.
+
 2014-12-01  Nick Clifton  <nickc@redhat.com>

  PR binutils/17531
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 5f953d5..8bae72f 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -6797,7 +6797,7 @@ process_cu_tu_index (struct dwarf_section *section, int do
_display)
   if (row != 0)
     {
       /* PR 17531: file: a05f6ab3.  */
-      if (row >= nused)
+      if (row > nused)
  {
   warn (_("Row index (%u) is larger than number of used entries
(%u)\n"),
  row, nused);
gnu-6:pts/23[129]> cat /tmp/x       /export/gnu/import/git/sources/binutils-gdb
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index ecb7c8b..83a8402 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-01  H.J. Lu  <hongjiu.lu@intel.com>
+
+ * dwarf.c (process_cu_tu_index): Properly check for an out of
+ range row index.
+
 2014-12-01  Nick Clifton  <nickc@redhat.com>

  PR binutils/17531
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 5f953d5..8bae72f 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -6797,7 +6797,7 @@ process_cu_tu_index (struct dwarf_section
*section, int do_display)
   if (row != 0)
     {
       /* PR 17531: file: a05f6ab3.  */
-      if (row >= nused)
+      if (row > nused)
  {
   warn (_("Row index (%u) is larger than number of used entries (%u)\n"),
  row, nused);


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]