Fixes a few more memory access violations exposed by fuzzed binaries.

author Nick Clifton <nickc@redhat.com>

Thu, 27 Nov 2014 12:19:10 +0000 (12:19 +0000)

committer Nick Clifton <nickc@redhat.com>

Thu, 27 Nov 2014 12:19:10 +0000 (12:19 +0000)
author Nick Clifton <nickc@redhat.com>
Thu, 27 Nov 2014 12:19:10 +0000 (12:19 +0000)
committer Nick Clifton <nickc@redhat.com>
Thu, 27 Nov 2014 12:19:10 +0000 (12:19 +0000)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index c379fcae2b8def2a2142875d6feb042414dbf490..8fe5fe6f13d1401433934ad1d6b9b4ee7ff3c083 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,12 @@
+2014-11-27  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/17512
+       * ecoff.c (_bfd_ecoff_slurp_symbol_table): Warn about and correct
+       a discrepancy between the isymMax and ifdMax values in the
+       symbolic header.
+       * elf.c (_bfd_elf_print_private_bfd_data): Fix the range check
+       scanning the external dynamic entries.
+
  2014-11-26  Nick Clifton  <nickc@redhat.com>
  
         PR binutils/17512
diff --git a/bfd/ecoff.c b/bfd/ecoff.c

index 33e213491a3c5f3ef07c16f70944fd0d688d5148..70783b1079f7e9cd448c18957ca6708c35096c89 100644 (file)
--- a/bfd/ecoff.c
+++ b/bfd/ecoff.c
@@ -905,6 +905,7 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd)
                                   &internal_ptr->symbol, 1,
                                   internal_esym.weakext))
         return FALSE;
+      
        /* The alpha uses a negative ifd field for section symbols.  */
        if (internal_esym.ifd >= 0)
         internal_ptr->fdr = (ecoff_data (abfd)->debug_info.fdr
@@ -946,6 +947,20 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd)
         }
      }
  
+  /* PR 17512: file: 3372-3080-0.004.
+     A discrepancy between ecoff_data (abfd)->debug_info.symbolic_header.isymMax
+     and ecoff_data (abfd)->debug_info.symbolic_header.ifdMax can mean that
+     we have fewer symbols than we were expecting.  Allow for this by updating
+     the symbol count and warning the user.  */
+  if (internal_ptr - internal < bfd_get_symcount (abfd))
+    {
+      bfd_get_symcount (abfd) = internal_ptr - internal;
+      (*_bfd_error_handler)
+       (_("%B: warning: isymMax (%ld) is greater than ifdMax (%d)\n"),
+        abfd, ecoff_data (abfd)->debug_info.symbolic_header.isymMax,
+        ecoff_data (abfd)->debug_info.symbolic_header.ifdMax);
+    }
+
    ecoff_data (abfd)->canonical_symbols = internal;
  
    return TRUE;
diff --git a/bfd/elf.c b/bfd/elf.c

index d3a1bb490422258f06e079ce3f7f49f3c460bc4b..de8d97f438bcdc28a2469a29f39114b8fbad5a70 100644 (file)
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -1254,7 +1254,9 @@ _bfd_elf_print_private_bfd_data (bfd *abfd, void *farg)
  
        extdyn = dynbuf;
        extdynend = extdyn + s->size;
-      for (; extdyn < extdynend; extdyn += extdynsize)
+      /* PR 17512: file: id:000006,sig:06,src:000000,op:flip4,pos:5664.
+         Fix range check.  */
+      for (; extdyn <= (extdynend - extdynsize); extdyn += extdynsize)
         {
           Elf_Internal_Dyn dyn;
           const char *name = "";
author	Nick Clifton <nickc@redhat.com>
	Thu, 27 Nov 2014 12:19:10 +0000 (12:19 +0000)
committer	Nick Clifton <nickc@redhat.com>
	Thu, 27 Nov 2014 12:19:10 +0000 (12:19 +0000)
bfd/ChangeLog		patch \| blob \| history
bfd/ecoff.c		patch \| blob \| history
bfd/elf.c		patch \| blob \| history