Resolve more problems with readelf uncovered by fuzzing binary files.
PR binutils/17531 * readelf.c (process_version_sections): Prevent an infinite loop processing corrupt version need data. (process_corefile_note_segment): Handle corrupt notes.
parent
cd11f78f81
commit
5d921cbd81
|
@ -1,3 +1,10 @@
|
|||
2014-11-21 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR binutils/17531
|
||||
* readelf.c (process_version_sections): Prevent an infinite loop
|
||||
processing corrupt version need data.
|
||||
(process_corefile_note_segment): Handle corrupt notes.
|
||||
|
||||
2014-11-21 Terry Guo <terry.guo@arm.com>
|
||||
|
||||
* readelf.c (arm_attr_tag_FP_arch): Extended to support FPv5.
|
||||
|
|
|
@ -9133,6 +9133,10 @@ process_version_sections (FILE * file)
|
|||
if (j < ent.vd_cnt)
|
||||
printf (_(" Version def aux past end of section\n"));
|
||||
|
||||
/* PR 17531: file: id:000001,src:000172+005151,op:splice,rep:2. */
|
||||
if (idx + ent.vd_next <= idx)
|
||||
break;
|
||||
|
||||
idx += ent.vd_next;
|
||||
}
|
||||
|
||||
|
@ -14686,6 +14690,9 @@ process_corefile_note_segment (FILE * file, bfd_vma offset, bfd_vma length)
|
|||
|
||||
if (inote.descdata < (char *) external + min_notesz
|
||||
|| next < (char *) external + min_notesz
|
||||
/* PR binutils/17531: file: id:000000,sig:11,src:006986,op:havoc,rep:4. */
|
||||
|| inote.namedata + inote.namesz < inote.namedata
|
||||
|| inote.descdata + inote.descsz < inote.descdata
|
||||
|| data_remaining < (size_t)(next - (char *) external))
|
||||
{
|
||||
warn (_("note with invalid namesz and/or descsz found at offset 0x%lx\n"),
|
||||
|
@ -14704,7 +14711,6 @@ process_corefile_note_segment (FILE * file, bfd_vma offset, bfd_vma length)
|
|||
if (inote.namedata[inote.namesz - 1] != '\0')
|
||||
{
|
||||
temp = (char *) malloc (inote.namesz + 1);
|
||||
|
||||
if (temp == NULL)
|
||||
{
|
||||
error (_("Out of memory allocating space for inote name\n"));
|
||||
|
|
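Review bot: The two conditions added to the validity test in process_corefile_note_segment, `inote.namedata + inote.namesz < inote.namedata` and `inote.descdata + inote.descsz < inote.descdata`, detect an oversized length by letting a pointer wrap, and pointer arithmetic past the end of the object is undefined in C, so an optimising compiler may fold both comparisons to false and the corrupt note would pass again. Checking the lengths as integers avoids that, for example `|| inote.namesz > data_remaining || inote.descsz > data_remaining`, assuming data_remaining is the byte count left from `external`, as the last condition suggests. `inote.descdata` and `next` are computed above the hunk, presumably from the same untrusted sizes, so that arithmetic would need the same treatment; the function starts and ends outside the hunk.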