From 04f963fd489cae724a60140e13984415c205f4ac Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Wed, 14 Jun 2017 10:35:16 +0100
Subject: [PATCH] Fix seg-faults in objdump when disassembling a corrupt versados binary.

PR binutils/21591
* versados.c (versados_mkobject): Zero the allocated tdata structure.
(process_otr): Check for an invalid offset in the otr structure.
---
 bfd/ChangeLog  |  6 ++++++
 bfd/versados.c | 12 ++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 67fd18a102a..a035ab54e2c 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-06-14  Nick Clifton
+
+	PR binutils/21591
+	* versados.c (versados_mkobject): Zero the allocated tdata structure.
+	(process_otr): Check for an invalid offset in the otr structure.
+
 2017-06-14  Sebastian Huber
 
 	* config.bfd (epiphany-*-elf): Accept epiphany-*-*.
diff --git a/bfd/versados.c b/bfd/versados.c
index 2efbcff5e94..f0c5fdf87d7 100644
--- a/bfd/versados.c
+++ b/bfd/versados.c
@@ -149,7 +149,7 @@ versados_mkobject (bfd *abfd)
   if (abfd->tdata.versados_data == NULL)
     {
       bfd_size_type amt = sizeof (tdata_type);
-      tdata_type *tdata = bfd_alloc (abfd, amt);
+      tdata_type *tdata = bfd_zalloc (abfd, amt);
 
       if (tdata == NULL)
 	return FALSE;
@@ -345,13 +345,13 @@ reloc_howto_type versados_howto_table[] =
 };
 
 static int
-get_offset (int len, unsigned char *ptr)
+get_offset (unsigned int len, unsigned char *ptr)
 {
   int val = 0;
 
   if (len)
     {
-      int i;
+      unsigned int i;
 
       val = *ptr++;
       if (val & 0x80)
@@ -394,9 +394,13 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass)
 	  int flag = *srcp++;
 	  int esdids = (flag >> 5) & 0x7;
 	  int sizeinwords = ((flag >> 3) & 1) ? 2 : 1;
-	  int offsetlen = flag & 0x7;
+	  unsigned int offsetlen = flag & 0x7;
 	  int j;
 
+	  /* PR 21591: Check for invalid lengths.  */
+	  if (srcp + esdids + offsetlen >= endp)
+	    return;
+
 	  if (esdids == 0)
 	    {
 	      /* A zero esdid means the new pc is the offset given.  */
-- 
2.30.2
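Review bot: The switch from `bfd_alloc` to `bfd_zalloc` on the `tdata` line is the whole fix for this function, yet nothing at the call site records why zero-filling is required, so a later cleanup could revert it as a needless cost. A comment on that line would pin it: `/* PR 21591: zero-fill so that fields a corrupt or truncated input never sets are not read uninitialised.  */`. Which tdata_type fields were being read before assignment is not visible in this hunk, so that wording is inferred from the commit message and should be checked against the users of the structure. The body of versados_mkobject continues past the hunk.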
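Review bot: Making `len` an `unsigned int` removes the negative-length case but does not bound it: the caller in process_otr derives it from `flag & 0x7`, so `len` can reach 7 while `val` is a 32-bit `int`, and the accumulation loop that follows `if (val & 0x80)` is outside this hunk. If that loop left-shifts `val` after the sign-extension branch, shifting a negative `int` is undefined behaviour and any bytes beyond the fourth are silently discarded; accumulating in an unsigned type and converting once at the end avoids both — confirm against the loop body below the hunk. A one-line comment on the definition stating the contract the caller now relies on, e.g. `/* LEN is 0..7, the 3-bit length field of an OTR flag byte.  */`, would also help the next reader.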
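Review bot: The new guard `if (srcp + esdids + offsetlen >= endp)` forms the potentially out-of-bounds pointer before comparing it, and its `>=` also rejects a record whose last item ends exactly at `endp`. Comparing remaining length instead avoids both: `if ((size_t) (endp - srcp) < (size_t) esdids + offsetlen) return;` — this assumes the surrounding loop already guarantees `srcp <= endp` here and that the rest of the body consumes exactly `esdids + offsetlen` bytes after the flag, both of which lie outside the hunk, so verify them before relaxing the bound (if more bytes are read, keep the strict comparison but still compute it as a difference). The bare `return` also abandons every remaining record of the OTR without signalling anything; a `bfd_set_error (bfd_error_bad_value)` before returning, or at least a comment stating that the caller tolerates a truncated decode, would make the failure visible rather than silently producing a partial section. `endp` is computed above the hunk; if it is derived from a size field read from the file, that derivation needs the same bounding, which I cannot confirm from here. The enclosing loop and process_otr both start and end outside this hunk.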