[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples
From: |
cvs-commit at gcc dot gnu.org |
Subject: |
[Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples |
Date: |
Mon, 27 Mar 2023 11:29:27 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=17512
--- Comment #236 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot
gnu.org> ---
The master branch has been updated by Alan Modra <amodra@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=695c322803476e92e1566c90470b6bb737a40514
commit 695c322803476e92e1566c90470b6bb737a40514
Author: Alan Modra <amodra@gmail.com>
Date: Sun Mar 26 19:26:46 2023 +1030
coffgrok access of u.auxent.x_sym.x_tagndx.p
u.auxent.x_sym.x_tagndx is a union. The p field is only valid when
fix_tag is set. This patch fixes code in coffgrok.c that accessed the
field without first checking fix_tag, and removes a whole lot of code
validating bogus pointers to prevent segfaults (which no longer
happen, I checked the referenced PR 17512 testcases). The patch also
documents this in the fix_tag comment, makes is_sym a bitfield, and
sorts the selecter fields a little.
bfd/
* coffcode.h (combined_entry_type): Make is_sym a bitfield.
Sort and comment on union selectors.
* libcoff.h: Regenerate.
binutils/
* coffgrok.c (do_type): Make aux a combined_entry_type. Test
fix_tag before accessing u.auxent.x_sym.x_tagndx.p. Remove
now unnecessary pointer bounds checking.
--
You are receiving this mail because:
You are on the CC list for the bug.