espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-27 06:17:47 +08:00
Code Issues Packages Projects Releases Wiki Activity

PR26348, Malloc error in write_zeros

Browse Source 
This adds a few more sanity checks on ELF objects, and a BFD flag to
disable objcopy and strip when fuzzed input files belong in the "too
hard" basket.

bfd/
	PR 26348
	* bfd.c (struct bfd): Add read_only.
	* elfcode.h (elf_swap_shdr_in): Test both sh_offset and sh_size.
	Set read_only on warning.
	(elf_object_p): Sanity check program header alignment.  Set
	read_only on warning.
	* bfd-in2.h: Regenerate.
binutils/
	PR 26348
	* objcopy.c (copy_object): Report file name with endian error.
	Error and return on abfd->read_only.
This commit is contained in:
Alan Modra
2020-08-12 20:18:43 +09:30
parent 6d8a0a5e90
commit 75e100a30d
6 changed files with 50 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
bfd/elfcode.h
View File

@ -321,11 +321,14 @@ elf_swap_shdr_in (bfd *abfd,
{
ufile_ptr filesize = bfd_get_file_size (abfd);
if (filesize != 0 && dst->sh_size > filesize)
_bfd_error_handler
(_("warning: %pB has a corrupt section with a size (%"
BFD_VMA_FMT "x) larger than the file size"),
abfd, dst->sh_size);
if (filesize != 0
&& ((ufile_ptr) dst->sh_offset > filesize
|| dst->sh_size > filesize - dst->sh_offset))
{
abfd->read_only = 1;
_bfd_error_handler (_("warning: %pB has a section "
"extending past end of file"), abfd);
}
}
dst->sh_link = H_GET_32 (abfd, src->sh_link);
dst->sh_info = H_GET_32 (abfd, src->sh_info);
@ -764,6 +767,7 @@ elf_object_p (bfd *abfd)
So we are kind, and reset the string index value to 0
so that at least some processing can be done. */
i_ehdrp->e_shstrndx = SHN_UNDEF;
abfd->read_only = 1;
_bfd_error_handler
(_("warning: %pB has a corrupt string table index - ignoring"),
abfd);
@ -804,6 +808,14 @@ elf_object_p (bfd *abfd)
if (bfd_bread (&x_phdr, sizeof x_phdr, abfd) != sizeof x_phdr)
goto got_no_match;
elf_swap_phdr_in (abfd, &x_phdr, i_phdr);
/* Too much code in BFD relies on alignment being a power of
two, as required by the ELF spec. */
if (i_phdr->p_align != (i_phdr->p_align & -i_phdr->p_align))
{
abfd->read_only = 1;
_bfd_error_handler (_("warning: %pB has a program header "
"with invalid alignment"), abfd);
}
}
}