author | Nick Clifton <nickc@redhat.com> | 2014-10-28 15:47:13 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2014-10-28 15:47:13 +0000 |
commit | acafeb6056bec47d7211cf462a7c211a8c95cf42 (patch) | |
tree | 9511409de4c91858f06e56e4e036920fb38b743a | |
parent | cc8536de0fb8f40587cf99dad9460237ce9af7a7 (diff) | |
Fixes another couple of memory errors reading corrupt binaries. This time
detected by the address sanitizer.
PR binutils/17512
* elf.c (bfd_section_from_shdr): Allocate and free the recursion
detection table on a per-bfd basis.
* peXXigen.c (pe_print_edata): Handle binaries with a truncated
export table.
-rw-r--r-- | bfd/ChangeLog | 7 | ||||
-rw-r--r-- | bfd/elf.c | 16 | ||||
-rw-r--r-- | bfd/peXXigen.c | 9 |
3 files changed, 29 insertions, 3 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index f7e58ff760c..c4a85c6b58d 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -9,6 +9,13 @@ * Apply trunk patches: + 2014-10-28 Nick Clifton <nickc@redhat.com> + PR binutils/17512 + * elf.c (bfd_section_from_shdr): Allocate and free the recursion + detection table on a per-bfd basis. + * peXXigen.c (pe_print_edata): Handle binaries with a truncated + export table. + 2014-10-28 Andreas Schwab <schwab@suse.de> Nick Clifton <nickc@redhat.com> PR binutils/17510 diff --git a/bfd/elf.c b/bfd/elf.c index 949221f96fb..b5fc84b81f1 100644 --- a/bfd/elf.c +++ b/bfd/elf.c @@ -1580,6 +1580,7 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) const char *name; bfd_boolean ret = TRUE; static bfd_boolean * sections_being_created = NULL; + static bfd * sections_being_created_abfd = NULL; static unsigned int nesting = 0; if (shindex >= elf_numsections (abfd)) @@ -1592,13 +1593,19 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) loop. Detect this here, by refusing to load a section that we are already in the process of loading. We only trigger this test if we have nested at least three sections deep as normal ELF binaries - can expect to recurse at least once. */ - + can expect to recurse at least once. + + FIXME: It would be better if this array was attached to the bfd, + rather than being held in a static pointer. */ + + if (sections_being_created_abfd != abfd) + sections_being_created = NULL; if (sections_being_created == NULL) { /* FIXME: It would be more efficient to attach this array to the bfd somehow. */ sections_being_created = (bfd_boolean *) bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean)); + sections_being_created_abfd = abfd; } if (sections_being_created [shindex]) { 
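Review bot: The `bfd_zalloc` result in the `@@ -1592` hunk of bfd/elf.c is used unchecked, because `sections_being_created [shindex]` is read right after the allocation block and a failed allocation makes that a NULL dereference. The section count comes from the input file, so on a corrupt binary the request can be large; adding `if (sections_being_created == NULL) return FALSE;` before `sections_being_created_abfd = abfd;` would fail cleanly, provided the return is placed so the static `nesting` counter stays balanced (its increment is not visible here). The new `sections_being_created_abfd != abfd` reset also leaves `nesting` untouched, so if a call for a different bfd ever arrives while an outer call is still active, the outer call would appear to clear its `shindex` slot in a table sized for the other bfd. A comment stating that nested calls never cross bfds, or a check for it, would close that gap. The function body starts before and continues after this hunk.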
@@ -2102,7 +2109,10 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex) if (sections_being_created) sections_being_created [shindex] = FALSE; if (-- nesting == 0) - sections_being_created = NULL; + { + sections_being_created = NULL; + sections_being_created_abfd = abfd; + } return ret; } diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c index 61290852ab1..1a5cb3135d5 100644 --- a/bfd/peXXigen.c +++ b/bfd/peXXigen.c @@ -1611,6 +1611,15 @@ pe_print_edata (bfd * abfd, void * vfile) } } + /* PR 17512: Handle corrupt PE binaries. */ + if (datasize < 36) + { + fprintf (file, + _("\nThere is an export table in %s, but it is too small (%d)\n"), + section->name, (int) datasize); + return TRUE; + } + fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"), section->name, (unsigned long) addr); |
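Review bot: In the `-- nesting == 0` block at the end of bfd_section_from_shdr, `sections_being_created_abfd = abfd;` keeps a pointer to the bfd just processed instead of clearing it, which reads like a slip for `sections_being_created_abfd = NULL;`. It is harmless while the table pointer is NULL, since the allocation path then runs anyway, but it leaves a static pointer to a bfd that may later be closed. The ChangeLog says the table is allocated and freed per bfd, yet this hunk only drops the pointer; the `bfd_zalloc` memory presumably stays with the bfd until it is closed, so each top-level call adds another table. A comment such as `/* Table memory is owned by the bfd; only forget it here. */` would make the intent explicit. The function body starts outside this hunk.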
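Review bot: The `datasize < 36` guard added to pe_print_edata uses a bare constant that looks four bytes short: the PE export directory table is 40 bytes, and a 32-bit field at offset 36 needs `datasize >= 40`. The reads that follow are outside this hunk, so confirm which offsets they touch; if the last one is at `data + 36`, the check should be `if (datasize < 40)`. A named constant or a comment such as `/* Size of the export directory table. */` would document where the number comes from. `(int) datasize` with `%d` is safe here only because the value is already known to be small.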