espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-08-06 14:49:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Prevent a potential illegal memory access in readelf when parsing a note with a zero name size.

Browse Source 
PR 24131
	* readelf.c (process_notes_at): Prevent an illegal memory access
	when the note's namesize is zero.
	(decode_tic6x_unwind_bytecode): Add code to handle the case where
	no registers are specified in a frame pop instruction.
This commit is contained in:
Nick Clifton
2019-01-25 13:16:06 +00:00
parent 9ed1348c20
commit 183445093e
2 changed files with 28 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
binutils/ChangeLog
View File

@ -1,3 +1,11 @@
2019-01-25 Nick Clifton <nickc@redhat.com>
PR 24131
* readelf.c (process_notes_at): Prevent an illegal memory access
when the note's namesize is zero.
(decode_tic6x_unwind_bytecode): Add code to handle the case where
no registers are specified in a frame pop instruction.
2019-01-25 Nick Clifton <nickc@redhat.com> 2019-01-25 Nick Clifton <nickc@redhat.com>
* po/bg.po: Updated Bulgarian translation. * po/bg.po: Updated Bulgarian translation.

33
binutils/readelf.c
View File

@ -8852,21 +8852,28 @@ decode_tic6x_unwind_bytecode (Filedata * filedata,
} }
printf (_("pop frame {")); printf (_("pop frame {"));
reg = nregs - 1; if (nregs == 0)
for (i = i * 2; i > 0; i--)
{ {
if (regpos[reg].offset == i - 1) printf (_("*corrupt* - no registers specified"));
}
else
{
reg = nregs - 1;
for (i = i * 2; i > 0; i--)
{ {
name = tic6x_unwind_regnames[regpos[reg].reg]; if (regpos[reg].offset == i - 1)
if (reg > 0) {
reg--; name = tic6x_unwind_regnames[regpos[reg].reg];
} if (reg > 0)
else reg--;
name = _("[pad]"); }
else
name = _("[pad]");
fputs (name, stdout); fputs (name, stdout);
if (i > 1) if (i > 1)
printf (", "); printf (", ");
}
} }
printf ("}"); printf ("}");
@ -18741,7 +18748,7 @@ process_notes_at (Filedata * filedata,
one version of Linux (RedHat 6.0) generates corefiles that don't one version of Linux (RedHat 6.0) generates corefiles that don't
comply with the ELF spec by failing to include the null byte in comply with the ELF spec by failing to include the null byte in
namesz. */ namesz. */
if (inote.namedata[inote.namesz - 1] != '\0') if (inote.namesz > 0 && inote.namedata[inote.namesz - 1] != '\0')
{ {
if ((size_t) (inote.descdata - inote.namedata) == inote.namesz) if ((size_t) (inote.descdata - inote.namedata) == inote.namesz)
{ {