This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
PATCH: Fix dwarf.c
- From: "H.J. Lu" <hjl dot tools at gmail dot com>
- To: Nick Clifton <nickc at redhat dot com>, Binutils <binutils at sourceware dot org>
- Date: Mon, 1 Dec 2014 09:19:07 -0800
- Subject: PATCH: Fix dwarf.c
- Authentication-results: sourceware.org; auth=none
commit 591f7597d447d8d038d6d8e24a706d1d5e32eba1
Author: Nick Clifton <nickc@redhat.com>
Date: Mon Dec 1 11:19:39 2014 +0000
Add checks for memory access violations exposed by fuzzed archives.
PR binutils/17531
* dwarf.c (process_cu_tu_index): Check for an out of range row
index.
* elfcomm.c (adjust_relative_path): Change name_len parameter to
an unsigned long. Check for path length overflow.
(process_archive_index_and_symbols): Check for invalid header
size.
(setup_archive): Add checks for invalid archives.
(get_archive_member_name): Add range checks.
* elfcomm.h (adjust_relative_path): Update prototype.
* readelf.c (process_archive): Add range checks.
caused:
[hjl@gnu-6 testsuite]$ ../../binutils/readelf -wi dwp_test_1.dwp > dwp_test_1.stdout
readelf: Warning: Row index (4) is larger than number of used entries (4)
readelf: Warning: Row index (3) is larger than number of used entries (3)
readelf: Warning: Debug info is corrupted, abbrev offset (0) is larger than abbrev section size (0)
readelf: Warning: DIE at offset b refers to abbreviation number 12 which does not exist
readelf: Warning: Debug info is corrupted, abbrev offset (0) is larger than abbrev section size (0)
readelf: Warning: DIE at offset 17 refers to abbreviation number 1 which does not exist
[hjl@gnu-6 testsuite]$
in gold testsuite. I checked in this patch to fix it and verified that
readelf doesn't crash on crashes/samples/a05f6ab3.
--
H.J.
---
gnu-6:pts/23[128]> m /tmp/x /export/gnu/import/git/sources/binutils-gdb
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index ecb7c8b..83a8402 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-01 H.J. Lu <hongjiu.lu@intel.com>
+
+ * dwarf.c (process_cu_tu_index): Properly check for an out of
+ range row index.
+
2014-12-01 Nick Clifton <nickc@redhat.com>
PR binutils/17531
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 5f953d5..8bae72f 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -6797,7 +6797,7 @@ process_cu_tu_index (struct dwarf_section *section, int do
_display)
if (row != 0)
{
/* PR 17531: file: a05f6ab3. */
- if (row >= nused)
+ if (row > nused)
{
warn (_("Row index (%u) is larger than number of used entries
(%u)\n"),
row, nused);
gnu-6:pts/23[129]> cat /tmp/x /export/gnu/import/git/sources/binutils-gdb
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index ecb7c8b..83a8402 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-01 H.J. Lu <hongjiu.lu@intel.com>
+
+ * dwarf.c (process_cu_tu_index): Properly check for an out of
+ range row index.
+
2014-12-01 Nick Clifton <nickc@redhat.com>
PR binutils/17531
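Review bot: the new ChangeLog entry has no PR line, although the check it adjusts is tagged "PR 17531: file: a05f6ab3" in dwarf.c and the entry directly below carries "PR binutils/17531". Adding the same PR line to this entry would tie the follow-up to the fuzzing report it corrects, so anyone tracing that PR finds both the original check and this relaxation of it.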
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 5f953d5..8bae72f 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -6797,7 +6797,7 @@ process_cu_tu_index (struct dwarf_section
*section, int do_display)
if (row != 0)
{
/* PR 17531: file: a05f6ab3. */
- if (row >= nused)
+ if (row > nused)
{
warn (_("Row index (%u) is larger than number of used entries (%u)\n"),
row, nused);
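Review bot: the relaxed bound `row > nused` now lets row == nused through, and nothing visible in this hunk shows how row is used afterwards, so the accesses that follow should be confirmed to treat row as 1-based (indexing with row - 1) before a check added for a fuzzed-file memory violation is loosened. The `if (row != 0)` guard and the reported warning "Row index (4) is larger than number of used entries (4)" both point to 1-based rows with 0 marking an empty slot; a one-line comment stating that next to the check would keep a later hardening pass from restoring `>=`. The dwp_test_1.dwp case from the gold testsuite and the fuzzed sample a05f6ab3 would make a natural regression pair for this boundary.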