Prevent a seg-fault in the linker when accessing a specially crafted, corrupt, aout binary.

PR ld/19629
	* aoutx.h (aout_link_add_symbols): Check for out of range string
	table offsets.
Nick Clifton 2016-02-19 15:55:06 +00:00
parent 737684142b
commit e517df3dbf
2 changed files with 14 additions and 0 deletions


@ -1,5 +1,9 @@
2016-02-19 Nick Clifton <nickc@redhat.com> 2016-02-19 Nick Clifton <nickc@redhat.com>
PR ld/19629
* aoutx.h (aout_link_add_symbols): Check for out of range string
table offsets.
PR ld/19628 PR ld/19628
* reloc.c (bfd_generic_get_relocated_section_contents): Stop * reloc.c (bfd_generic_get_relocated_section_contents): Stop
processing if we encounter a reloc without an associated symbol. processing if we encounter a reloc without an associated symbol.


@ -3002,7 +3002,11 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
if ((type & N_STAB) != 0) if ((type & N_STAB) != 0)
continue; continue;
/* PR 19629: Corrupt binaries can contain illegal string offsets. */
if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
return FALSE;
name = strings + GET_WORD (abfd, p->e_strx); name = strings + GET_WORD (abfd, p->e_strx);
value = GET_WORD (abfd, p->e_value); value = GET_WORD (abfd, p->e_value);
flags = BSF_GLOBAL; flags = BSF_GLOBAL;
string = NULL; string = NULL;
@ -3060,6 +3064,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
which this one really is. */ which this one really is. */
BFD_ASSERT (p + 1 < pend); BFD_ASSERT (p + 1 < pend);
++p; ++p;
/* PR 19629: Corrupt binaries can contain illegal string offsets. */
if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
return FALSE;
string = strings + GET_WORD (abfd, p->e_strx); string = strings + GET_WORD (abfd, p->e_strx);
section = bfd_ind_section_ptr; section = bfd_ind_section_ptr;
flags |= BSF_INDIRECT; flags |= BSF_INDIRECT;
@ -3093,6 +3100,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
return TRUE; return TRUE;
++p; ++p;
string = name; string = name;
/* PR 19629: Corrupt binaries can contain illegal string offsets. */
if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
return FALSE;
name = strings + GET_WORD (abfd, p->e_strx); name = strings + GET_WORD (abfd, p->e_strx);
section = bfd_und_section_ptr; section = bfd_und_section_ptr;
flags |= BSF_WARNING; flags |= BSF_WARNING;
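Review bot: The added bounds check before the first `name = strings + ...` compares with `>`, so an `e_strx` equal to `obj_aout_external_string_size (abfd)` still passes and the pointer lands one byte past the last valid table offset; unless the table is allocated with a terminating byte beyond that size (not visible on this page), the comparison should be `if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))`. The same applies to the two later checks, before `string = strings + ...` and before the second `name = strings + ...`. An in-range offset also only proves that the start of the name lies inside the table, so the later string reads still depend on the table being NUL-terminated. The early `return FALSE` paths do not appear to record an error, so calling `bfd_set_error (bfd_error_bad_value);` first would give the user a diagnostic for the corrupt input. aout_link_add_symbols starts and ends outside these hunks.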