espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-07-27 20:03:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

This commit causes hundreds of core file regressions in gdb:

Browse Source 
commit f64e188b58f4aab4cbd03aa6e9fc1aa602546e26
Author: Nick Clifton <nickc@redhat.com>
Date:   Tue Dec 9 12:42:18 2014 +0000

    More fixes for memory access violations triggered by fuzzed binaries.
    [snip]
        * elf.c (elf_parse_notes): Check that the namedata is long enough
        for the string comparison that is about to be performed.
        (elf_read_notes): Zero-terminate the note buffer.

This change to elf_parse_notes is the culprit:

+           for (i = ARRAY_SIZE (grokers); i--;)
+             if (in.namesz >= sizeof grokers[i].string - 1
+                 && strncmp (in.namedata, grokers[i].string,
+                             sizeof (grokers[i].string) - 1) == 0)

Note how this applies sizeof to grokers[i].string...

bfd/ChangeLog

        * elf.c (elf_parse_notes): Define convenience macro
        GROKER_ELEMENT to add elements to 'grokers'.
        Use grokers.len instead of sizeof in string comparisons.
This commit is contained in:
Keith Seitz
2014-12-11 09:39:24 -08:00
parent 540feddfde
commit 8acbedd60e
2 changed files with 26 additions and 13 deletions

8
bfd/ChangeLog

@ -1,3 +1,11 @@
2014-12-11 Keith Seitz <keiths@redhat.com>
* elf.c (elf_parse_notes): Define convenience macro
GROKER_ELEMENT to add elements to 'grokers' array.
Add 'len' element to 'grokers'.
Use grokers.len instead of sizeof in string
comparisons.
2014-12-10 Alan Modra <amodra@gmail.com> 2014-12-10 Alan Modra <amodra@gmail.com>
* Makefile.am (BFD32_LIBS, BFD32_LIBS_CFILES): Remove dwarf2 * Makefile.am (BFD32_LIBS, BFD32_LIBS_CFILES): Remove dwarf2

19
bfd/elf.c

@ -9706,30 +9706,35 @@ elf_parse_notes (bfd *abfd, char *buf, size_t size, file_ptr offset)
case bfd_core: case bfd_core:
{ {
#define GROKER_ELEMENT(S,F) {S, sizeof (S) - 1, F}
struct struct
{ {
const char * string; const char * string;
size_t len;
bfd_boolean (* func)(bfd *, Elf_Internal_Note *); bfd_boolean (* func)(bfd *, Elf_Internal_Note *);
} }
grokers[] = grokers[] =
{ {
{ "", elfcore_grok_note }, GROKER_ELEMENT ("", elfcore_grok_note),
{ "NetBSD-CORE", elfcore_grok_netbsd_note }, GROKER_ELEMENT ("NetBSD-CORE", elfcore_grok_netbsd_note),
{ "OpenBSD", elfcore_grok_openbsd_note }, GROKER_ELEMENT ( "OpenBSD", elfcore_grok_openbsd_note),
{ "QNX", elfcore_grok_nto_note }, GROKER_ELEMENT ("QNX", elfcore_grok_nto_note),
{ "SPU/", elfcore_grok_spu_note } GROKER_ELEMENT ("SPU/", elfcore_grok_spu_note)
}; };
#undef GROKER_ELEMENT
int i; int i;
for (i = ARRAY_SIZE (grokers); i--;) for (i = ARRAY_SIZE (grokers); i--;)
if (in.namesz >= sizeof grokers[i].string - 1 {
if (in.namesz >= grokers[i].len
&& strncmp (in.namedata, grokers[i].string, && strncmp (in.namedata, grokers[i].string,
sizeof (grokers[i].string) - 1) == 0) grokers[i].len) == 0)
{ {
if (! grokers[i].func (abfd, & in)) if (! grokers[i].func (abfd, & in))
return FALSE; return FALSE;
break; break;
} }
}
break; break;
} }