bug-binutils

[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in


From: cvs-commit at gcc dot gnu.org
Subject: [Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in
Date: Mon, 01 Dec 2014 16:45:28 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #116 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, master has been updated
       via  06614111d1be94b43ea8dd83805184d4e177bcea (commit)
      from  30b5e341f3bcb219718ad32cd0065670fd37e637 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=06614111d1be94b43ea8dd83805184d4e177bcea

commit 06614111d1be94b43ea8dd83805184d4e177bcea
Author: Nick Clifton <address@hidden>
Date:   Mon Dec 1 16:43:46 2014 +0000

    More fixes for memory access violations exposed by fuzzed binaries.

        PR binutils/17512
        * dwarf.h (struct dwarf_section): Add user_data field.
        * dwarf.c (frame_need_space): Check for an over large register
        number.
        (display_debug_frames): Check the return value from
        frame_need_space.  Check for a CFA expression that is so long the
        start address wraps around.
        (debug_displays): Initialise the user_data field.
        * objdump.c (load_specific_debug_section): Save the BFD section
        pointer in the user_data field of the dwarf_section structure.
        (free_debug_section): Update BFD section data when freeing section
        contents.
        * readelf.c (load_specific_debug_section): Initialise the
        user_data field.

        * archive.c (do_slurp_coff_armap): Add range checks to prevent
        running off the end of the string table.
        * compress.c (bfd_get_full_section_contents): Return a NULL
        pointer for zero sized sections.  Do not attempt to copy a buffer
        onto itself.
        * elf-attrs.c (_bfd_elf_parse_attributes): Check for an empty
        header.  Add range checks to avoid running off the end of the
        section.
        * elf.c (bfd_elf_get_str_section): Seek before allocating so that
        if the seek fails, no memory is allocated.
        (bfd_elf_string_from_elf_section): Do not allocate a string from a
        non string section.  It only leads to trouble later on.
        (_bfd_elf_print_private_bfd_data): Check for there being too
        little external dynamic data.
        (bfd_section_from_shdr): Replace assertion with a failure mode.
        (bfd_section_from_shdr): When walking a loaded group section use
        the internal structure size, not the external size.  Check for the
        group section being empty.
        * elf32-i386.c (elf_i386_rtype_to_howto): Replace assertion with a
        failure mode.
        * elfcode.h (elf_slurp_reloc_table): Likewise.
        * reloc.c (bfd_perform_relocation): Avoid seg-fault if the howto
        parameter is NULL.

-----------------------------------------------------------------------

Summary of changes:
 bfd/ChangeLog      |   27 ++++++++++++
 bfd/archive.c      |   11 ++++-
 bfd/compress.c     |   13 ++++-
 bfd/elf-attrs.c    |   16 ++++++-
 bfd/elf.c          |   36 ++++++++++++----
 bfd/elf32-i386.c   |    4 +-
 bfd/elfcode.h      |    4 +-
 bfd/reloc.c        |    4 ++
 binutils/ChangeLog |   17 +++++++
 binutils/dwarf.c   |  118 ++++++++++++++++++++++++++++++++--------------------
 binutils/dwarf.h   |    2 +
 binutils/objdump.c |   17 +++++++
 binutils/readelf.c |    1 +
 13 files changed, 207 insertions(+), 63 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
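Added example, not part of this commit or of binutils, illustrating the range-check pattern the ChangeLog entries above describe: the naive `start + len <= size` test that wraps around on a fuzzed length, beside the hardened form that compares `len` against the space remaining, applied to a constructed "ULEB128 length, then that many bytes" block laid out like a DW_CFA_def_cfa_expression operand. All function names and the sample byte arrays are assumptions made up here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Naive check: start + len wraps for a huge len, so an oversized block passes. */
static bool naive_range_ok (size_t size, uint64_t start, uint64_t len)
{
  return start + len <= size;
}

/* Hardened check: never add start and len; compare len with the space left
   after start (the shape of the "start address wraps around" fix above). */
static bool safe_range_ok (size_t size, uint64_t start, uint64_t len)
{
  return start <= size && len <= size - start;
}

/* Bounded ULEB128 reader: bytes consumed, or 0 if truncated or over 64 bits. */
static size_t read_uleb128 (const unsigned char *p, size_t avail, uint64_t *val)
{
  uint64_t result = 0;
  for (size_t i = 0, shift = 0; i < avail && shift < 64; i++, shift += 7)
    {
      result |= (uint64_t) (p[i] & 0x7f) << shift;
      if ((p[i] & 0x80) == 0)
        {
          *val = result;
          return i + 1;
        }
    }
  return 0;
}

/* Parse "ULEB128 length, then that many expression bytes" at OFF in SEC (the
   DW_CFA_def_cfa_expression operand layout); -1 if it does not fit in SEC. */
static long parse_expr_block (const unsigned char *sec, size_t size, size_t off)
{
  uint64_t len;
  size_t n = off < size ? read_uleb128 (sec + off, size - off, &len) : 0;
  if (n == 0 || !safe_range_ok (size, off + n, len))
    return -1;
  return (long) len;
}

/* Constructed inputs: a valid 3-byte expression, a length that wraps past
   the end of its 10-byte section, and a truncated ULEB128. */
static const unsigned char ok_block[]    = { 0x03, 0xaa, 0xbb, 0xcc };
static const unsigned char wrap_block[]  = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f };
static const unsigned char trunc_block[] = { 0x80 };
```

With `wrap_block`, the naive check accepts a length of 2^64-1 because the addition wraps to 9, while the hardened check rejects it; the same comparison shape guards the string-table offsets mentioned in the `archive.c` entry.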


