
[Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples


From: cvs-commit at gcc dot gnu.org
Subject: [Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples
Date: Wed, 21 Jan 2015 17:38:41 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #173 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Nick Clifton <address@hidden>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=86eafac0aad7edbc1ccea6daf53480a36339250a

commit 86eafac0aad7edbc1ccea6daf53480a36339250a
Author: Nick Clifton <address@hidden>
Date:   Wed Jan 21 17:37:23 2015 +0000

    Fix memory access violations triggered by running strip on fuzzed binaries.

        PR binutils/17512
        * coffcode.h (coff_set_arch_mach_hook): Check return value from
        bfd_malloc.
        (coff_slurp_line_table): Return FALSE if the line number
        information was corrupt.
        (coff_slurp_symbol_table): Return FALSE if the symbol information
        was corrupt.
        * mach-o.c (bfd_mach_o_bfd_copy_private_header_data): Always
        initialise the fields of the dyld_info structure.
        (bfd_mach_o_build_exec_seg_command): Replace assertion with an
        error message and a return value.
        (bfd_mach_o_layout_commands): Change the function to boolean.
        Return FALSE if the function fails.
        (bfd_mach_o_build_commands): Fail if bfd_mach_o_layout_commands
        fails.
        (bfd_mach_o_read_command): Fail if an unrecognised command is
        encountered.
        * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Set bfd_error if the
        read fails.
        (slurp_symtab): Check the return from bfd_malloc.
        (_bfd_XX_bfd_copy_private_bfd_data_common): Fail if the copy
        encountered an error.
        (_bfd_XXi_final_link_postscript): Fail if a section could not be
        copied.
        * peicode.h (pe_bfd_object_p): Fail if the header could not be
        swapped in.
        * tekhex.c (first_phase): Fail if the section is too big.
        * versados.c (struct esdid): Add content_size field.
        (process_otr): Use and check the new field.
        (versados_get_section_contents): Check that the section exists and
        that the requested data is available.

        PR binutils/17512
        * addr2line.c (main): Call bfd_set_error_program_name.
        * ar.c (main): Likewise.
        * coffdump.c (main): Likewise.
        * cxxfilt.c (main): Likewise.
        * dlltool.c (main): Likewise.
        * nlmconv.c (main): Likewise.
        * nm.c (main): Likewise.
        * objdump.c (main): Likewise.
        * size.c (main): Likewise.
        * srconv.c (main): Likewise.
        * strings.c (main): Likewise.
        * sysdump.c (main): Likewise.
        * windmc.c (main): Likewise.
        * windres.c (main): Likewise.
        * objcopy.c (main): Likewise.
        (copy_relocations_in_section): Check for relocs without associated
        symbol pointers.
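
Added illustration, not the binutils source and not part of the commit above: the pattern named by the versados.c entries (record how much section data was actually read, then check that the section exists and that the requested range is available) and by the mach-o.c entry that replaces an assertion with an error return. `struct demo_section`, `demo_get_contents`, `enum demo_error` and the sample bytes are hypothetical names and constructed data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a per-section record; not a libbfd type. */
struct demo_section {
    const unsigned char *contents;  /* NULL if the section was never loaded */
    size_t content_size;            /* bytes actually read from the input file */
};

enum demo_error { DEMO_OK, DEMO_NO_SECTION, DEMO_OUT_OF_RANGE };

/* Copy COUNT bytes starting at OFFSET into DST.  Every value derived from
   the untrusted file is validated, and a failure is reported to the caller
   instead of being asserted.  */
bool demo_get_contents(const struct demo_section *sec, void *dst,
                       size_t offset, size_t count, enum demo_error *err)
{
    if (sec == NULL || sec->contents == NULL) {
        *err = DEMO_NO_SECTION;
        return false;
    }
    /* Two comparisons, so that offset + count can never wrap around. */
    if (offset > sec->content_size || count > sec->content_size - offset) {
        *err = DEMO_OUT_OF_RANGE;
        return false;
    }
    memcpy(dst, sec->contents + offset, count);
    *err = DEMO_OK;
    return true;
}

int main(void)
{
    static const unsigned char data[8] = "ABCDEFG";  /* constructed sample */
    struct demo_section sec = { data, sizeof data };
    unsigned char buf[8];
    enum demo_error err;

    printf("in range:   %d\n", demo_get_contents(&sec, buf, 2, 4, &err));
    printf("too long:   %d\n", demo_get_contents(&sec, buf, 4, 8, &err));
    printf("wraparound: %d\n", demo_get_contents(&sec, buf, 4, (size_t)-1, &err));
    return 0;
}
```

The naive form `offset + count > content_size` accepts the third call, because the sum wraps to a small value; the subtraction form rejects it.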
