Fix address violation parsing a corrupt SOM binary.
PR binutils/21649 * som.c (setup_sections): NUL terminate the space_strings buffer. Check that the space.name field does not index beyond the end of the space_strings buffer.
This commit is contained in:
parent
e7d39ed3e0
commit
d19237d98d
@ -1,3 +1,10 @@
|
||||
2017-06-22 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR binutils/21649
|
||||
* som.c (setup_sections): NUL terminate the space_strings buffer.
|
||||
Check that the space.name field does not index beyond the end of
|
||||
the space_strings buffer.
|
||||
|
||||
2017-06-21 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR binutils/21646
|
||||
|
@ -2083,8 +2083,8 @@ setup_sections (bfd *abfd,
|
||||
|
||||
/* First, read in space names. */
|
||||
amt = file_hdr->space_strings_size;
|
||||
space_strings = bfd_malloc (amt);
|
||||
if (!space_strings && amt != 0)
|
||||
space_strings = bfd_malloc (amt + 1);
|
||||
if (space_strings == NULL && amt != 0)
|
||||
goto error_return;
|
||||
|
||||
if (bfd_seek (abfd, current_offset + file_hdr->space_strings_location,
|
||||
@ -2092,6 +2092,8 @@ setup_sections (bfd *abfd,
|
||||
goto error_return;
|
||||
if (bfd_bread (space_strings, amt, abfd) != amt)
|
||||
goto error_return;
|
||||
/* Make sure that the string table is NUL terminated. */
|
||||
space_strings[amt] = 0;
|
||||
|
||||
/* Loop over all of the space dictionaries, building up sections. */
|
||||
for (space_index = 0; space_index < file_hdr->space_total; space_index++)
|
||||
@ -2119,6 +2121,9 @@ setup_sections (bfd *abfd,
|
||||
som_swap_space_dictionary_in (&ext_space, &space);
|
||||
|
||||
/* Setup the space name string. */
|
||||
if (space.name >= file_hdr->space_strings_size)
|
||||
goto error_return;
|
||||
|
||||
space_name = space.name + space_strings;
|
||||
|
||||
/* Make a section out of it. */
|
||||
|
Loading…
Reference in New Issue
Block a user