https://sourceware.org/bugzilla/show_bug.cgi?id=17512
--- Comment #110 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot
gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".
The branch, master has been updated
via 0a9d414aa114b7b7e609cbcbc285f79031bbe608 (commit)
from 5974eba65b82912621ac68f2c0ff844efbd02b25 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0a9d414aa114b7b7e609cbcbc285f79031bbe608
commit 0a9d414aa114b7b7e609cbcbc285f79031bbe608
Author: Nick Clifton <ni...@redhat.com>
Date: Fri Nov 21 21:44:04 2014 +0000
Fixes for memory access violations exposed by fuzzinf various binaries.
PR binutils/17512
* dwarf.c (get_encoded_value): Check for an encoded size of 0.
(display_debug_lines_raw): Check for an invalid line range value.
(display_debug_frames): Check for corrupt augmentation data.
* coffgen.c (coff_get_normalized_symtab): Check for an excessive
number of auxillary entries.
* ieee.c (next_byte): Convert to a function. Return FALSE if the
next byte is beyond the end of the buffer.
(parse_int): Test the return value of next_byte.
(parse_expression): Convert to boolean. Return FALSE if the
parsing failed. Test the return value of next_byte.
(ieee_seek): Convert to a function. Return FALSE if the seek goes
beyond the end of the buffer.
(ieee_slurp_external_symbols): Test the return value of ieee_seek
and next_byte.
(ieee_slurp_sections): Convert to boolean. Return FALSE if the
operation failed. Test the return value of ieee_seek and
next_byte.
(ieee_archive_p): Test the return value of ieee_seek and
next_byte.
(do_one): Likewise.
(ieee_slurp_section_data): Likewise.
(ieee_object_p): Likewise. Store the size of the buffer in the
total_amt field in the header.
* libieee.h (common_header_type): Add amt field.
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Check that the
reloc's value is within range.
(bfd_mach_o_read_symtab_symbols): Nullify the symbols field if the
operation fails.
* pei-x86_64.c (pex64_xdata_print_uwd_codes): Replace abort with
an error message.
(pex64_dump_xdata): Check for buffer overflows.
* versados.c (process_otr): Check that the section exists before
taking its size.
(versados_object_p): Make sure that enough data was read for the
header to be checked.
* vms-alpha.c (vms_get_remaining_object_record): Change
read_so_far parameter to an unsigned int. Check that the amount
read is in range.
-----------------------------------------------------------------------
Summary of changes:
bfd/ChangeLog | 39 ++++++++
bfd/coffgen.c | 17 +++-
bfd/ieee.c | 261 +++++++++++++++++++++++++++++++++++-----------------
bfd/libieee.h | 1 +
bfd/mach-o.c | 22 +++--
bfd/pei-x86_64.c | 37 ++++++--
bfd/versados.c | 21 ++++-
bfd/vms-alpha.c | 15 ++-
binutils/ChangeLog | 7 ++
binutils/dwarf.c | 24 +++++
10 files changed, 333 insertions(+), 111 deletions(-)
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
