More fixes for memory access errors when running readelf on fuzzed binaries.
PR binutils/17531 * dwarf.c (process_debug_info): Check for abbrev_base being larger than the section size. (process_cu_tu_index): Use xcalloc2 to allocate the CU and TU arrays. (xcalloc2): New function. Like xcalloc, but checks for overflow. * dwarf.h (xcalloc2): Prototype.
This commit is contained in:
parent
696025802e
commit
72c61a0d1e
@ -1,3 +1,13 @@
|
||||
2015-01-12 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR binutils/17531
|
||||
* dwarf.c (process_debug_info): Check for abbrev_base being larger
|
||||
than the section size.
|
||||
(process_cu_tu_index): Use xcalloc2 to allocate the CU and TU
|
||||
arrays.
|
||||
(xcalloc2): New function. Like xcalloc, but checks for overflow.
|
||||
* dwarf.h (xcalloc2): Prototype.
|
||||
|
||||
2015-01-12 Alan Modra <amodra@gmail.com>
|
||||
|
||||
* prdbg.c (print_debugging_info): Don't use void* for function
|
||||
|
@ -2466,6 +2466,11 @@ process_debug_info (struct dwarf_section *section,
|
||||
warn (_("Debug info is corrupted, abbrev offset (%lx) is larger than abbrev section size (%lx)\n"),
|
||||
(unsigned long) compunit.cu_abbrev_offset,
|
||||
(unsigned long) abbrev_size);
|
||||
/* PR 17531: file:4bcd9ce9. */
|
||||
else if (abbrev_base >= abbrev_size)
|
||||
warn (_("Debug info is corrupted, abbrev base (%lx) is larger than abbrev section size (%lx)\n"),
|
||||
(unsigned long) abbrev_base,
|
||||
(unsigned long) abbrev_size);
|
||||
else
|
||||
process_abbrev_section
|
||||
(((unsigned char *) debug_displays [abbrev_sec].section.start
|
||||
@ -6832,7 +6837,7 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
|
||||
/* PR 17512: file: 002-376-0.004. */
|
||||
if (section->size < 24)
|
||||
{
|
||||
warn (_("Section %s is too small to contain a CU/TU header"),
|
||||
warn (_("Section %s is too small to contain a CU/TU header\n"),
|
||||
section->name);
|
||||
return 0;
|
||||
}
|
||||
@ -6942,13 +6947,13 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
|
||||
if (is_tu_index)
|
||||
{
|
||||
tu_count = nused;
|
||||
tu_sets = xcmalloc (nused, sizeof (struct cu_tu_set));
|
||||
tu_sets = xcalloc2 (nused, sizeof (struct cu_tu_set));
|
||||
this_set = tu_sets;
|
||||
}
|
||||
else
|
||||
{
|
||||
cu_count = nused;
|
||||
cu_sets = xcmalloc (nused, sizeof (struct cu_tu_set));
|
||||
cu_sets = xcalloc2 (nused, sizeof (struct cu_tu_set));
|
||||
this_set = cu_sets;
|
||||
}
|
||||
}
|
||||
@ -7152,6 +7157,17 @@ cmalloc (size_t nmemb, size_t size)
|
||||
return xmalloc (nmemb * size);
|
||||
}
|
||||
|
||||
/* Like xcalloc, but verifies that the first paramer is not too large. */
|
||||
void *
|
||||
xcalloc2 (size_t nmemb, size_t size)
|
||||
{
|
||||
/* Check for overflow. */
|
||||
if (nmemb >= ~(size_t) 0 / size)
|
||||
return NULL;
|
||||
|
||||
return xcalloc (nmemb, size);
|
||||
}
|
||||
|
||||
/* Like xmalloc, but takes two parameters.
|
||||
Note: does *not* initialise the allocated memory to zero. */
|
||||
void *
|
||||
|
@ -251,6 +251,7 @@ extern void dwarf_select_sections_all (void);
|
||||
extern unsigned int * find_cu_tu_set (void *, unsigned int);
|
||||
|
||||
extern void * cmalloc (size_t, size_t);
|
||||
extern void * xcalloc2 (size_t, size_t);
|
||||
extern void * xcmalloc (size_t, size_t);
|
||||
extern void * xcrealloc (void *, size_t, size_t);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user