author | Nick Clifton <nickc@redhat.com> | 2014-11-10 14:18:45 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2014-11-10 14:27:38 +0000 |
commit | 36e9d67b868c85232ab630514260f0d9c9c6b27b (patch) | |
tree | 62b5f40c0cc1529cb235b367c505804dc4bfcd71 /bfd/coffgen.c | |
parent | b1f28d992c916eab861df3fa62d436755f874b62 (diff) | |
download | binutils-gdb-36e9d67b868c85232ab630514260f0d9c9c6b27b.tar.gz |
More fixes for problems exposed by valgrind and the address sanitizer
when displaying the contents of corrupt files.
PR binutils/17521
* coff-i386.c (NUM_HOWTOS): New define.
(RTYPE2HOWTO): Use it.
(coff_i386_rtype_to_howto): Likewise.
(coff_i386_reloc_name_lookup): Likewise.
(CALC_ADDEND): Check that reloc r_type field is valid.
* coff-x86_64.c (NUM_HOWTOS): New define.
(RTYPE2HOWTO): Use it.
(coff_amd64_rtype_to_howto): Likewise.
(coff_amd64_reloc_name_lookup): Likewise.
(CALC_ADDEND): Check that reloc r_type field is valid.
* coffcode.h (coff_slurp_line_table): Check for symbol table
indexing underflow.
(coff_slurp_symbol_table): Use zalloc to ensure that all table
entries are initialised.
* coffgen.c (_bfd_coff_read_string_table): Initialise unused bits
in the string table. Also ensure that the table is 0 terminated.
(coff_get_normalized_symtab): Check for symbol table indexing
underflow.
* opncls.c (bfd_alloc): Catch the case where a small negative size
can result in only 1 byte being allocated.
(bfd_alloc2): Use bfd_alloc.
* pe-mips.c (NUM_HOWTOS): New define.
(coff_mips_reloc_name_lookup): Use it.
(CALC_ADDEND): Check that reloc r_type field is valid.
* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Initialise unused entries
in the DataDirectory.
(pe_print_idata): Avoid reading beyond the end of the data block
when printing strings.
(pe_print_edata): Likewise.
Check for table indexing underflow.
* peicode.h (pe_mkobject): Initialise the pe_opthdr field.
(pe_bfd_object_p): Allocate and initialize enough space to hold a
PEAOUTHDR, even if the opt_hdr field specified less.
Diffstat (limited to 'bfd/coffgen.c')
-rw-r--r-- | bfd/coffgen.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index 9ad0783babf..6c699025077 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1690,7 +1690,13 @@ _bfd_coff_read_string_table (bfd *abfd)
 return NULL;
 }
- strings = (char *) bfd_malloc (strsize);
+ strings = (char *) bfd_malloc (strsize + 1);
+ /* PR 17521 file: 079-54929-0.004.
+ A corrupt file could contain an index that points into the first
+ STRING_SIZE_SIZE bytes of the string table, so make sure that
+ they are zero. */
+ memset (strings, 0, STRING_SIZE_SIZE);
+
 if (strings == NULL)
 return NULL;
@@ -1703,7 +1709,8 @@ _bfd_coff_read_string_table (bfd *abfd)
 obj_coff_strings (abfd) = strings;
 obj_coff_strings_len (abfd) = strsize;
-
+ /* Terminate the string table, just in case. */
+ strings[strsize] = 0;
 return strings;
 }
@@ -1884,7 +1891,8 @@ coff_get_normalized_symtab (bfd *abfd)
 if (string_table == NULL)
 return NULL;
 }
- if (internal_ptr->u.syment._n._n_n._n_offset >= obj_coff_strings_len (abfd))
+ if (internal_ptr->u.syment._n._n_n._n_offset >= obj_coff_strings_len (abfd)
+ || string_table + internal_ptr->u.syment._n._n_n._n_offset < string_table)
 internal_ptr->u.syment._n._n_n._n_offset = (bfd_hostptr_t) _("<corrupt>");
 else
 internal_ptr->u.syment._n._n_n._n_offset =
@@ -1901,7 +1909,8 @@ coff_get_normalized_symtab (bfd *abfd)
 {
 BFD_ASSERT (debug_sec != NULL);
 /* PR binutils/17512: Catch out of range offsets into the debug data. */
- if (internal_ptr->u.syment._n._n_n._n_offset > debug_sec->size)
+ if (internal_ptr->u.syment._n._n_n._n_offset > debug_sec->size
+ || debug_sec_data + internal_ptr->u.syment._n._n_n._n_offset < debug_sec_data)
 internal_ptr->u.syment._n._n_n._n_offset = (bfd_hostptr_t) _("<corrupt>");
 else
 internal_ptr->u.syment._n._n_n._n_offset = (bfd_hostptr_t)
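Review bot: In the first hunk the new `memset (strings, 0, STRING_SIZE_SIZE);` is placed before the `if (strings == NULL) return NULL;` that follows it, so a failed bfd_malloc now dereferences NULL instead of returning NULL; the memset should move below the check, `if (strings == NULL) return NULL; memset (strings, 0, STRING_SIZE_SIZE);`. The memset also presumes strsize is at least STRING_SIZE_SIZE, which is presumably validated earlier in _bfd_coff_read_string_table, outside this hunk. The guards added in the third and fourth hunks, `string_table + ..._n_offset < string_table` and the matching debug_sec_data form, compute a pointer outside the allocated object, which is undefined behaviour in C and a comparison an optimiser is entitled to fold to false; the integer comparison of the offset against the table size, which the string-table branch already has, is the reliable bound, so the pointer term adds nothing safe. In the debug branch that integer test uses `>` rather than `>=`, so an offset equal to debug_sec->size still reaches the else arm and points one past the end of the data; `>=` would match the string-table branch.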