espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-19 00:59:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix memory access violations exposed by running the srconv tool on fuzzed binaries.

Browse Source 
PR binutils/17512
	* objdump.c (display_any_bfd): Add a depth limit to nested archive
	display in order to avoid infinite loops.
	* srconv.c: Replace calls to abort with calls to fatal with an
	error message.
This commit is contained in:
Nick Clifton
2015-01-07 16:41:25 +00:00
parent ea42d6f8d1
commit c88f5b8e49
3 changed files with 31 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
binutils/ChangeLog
View File

@ -1,3 +1,11 @@
2015-01-07 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* objdump.c (display_any_bfd): Add a depth limit to nested archive
display in order to avoid infinite loops.
* srconv.c: Replace calls to abort with calls to fatal with an
error message.
2015-01-06 Nick Clifton <nickc@redhat.com> 2015-01-06 Nick Clifton <nickc@redhat.com>
PR binutils/17512 PR binutils/17512

9
binutils/objdump.c
View File

@ -3406,9 +3406,16 @@ display_any_bfd (bfd *file, int level)
{ {
bfd *arfile = NULL; bfd *arfile = NULL;
bfd *last_arfile = NULL; bfd *last_arfile = NULL;
if (level == 0) if (level == 0)
printf (_("In archive %s:\n"), bfd_get_filename (file)); printf (_("In archive %s:\n"), bfd_get_filename (file));
else if (level > 100)
{
/* Prevent corrupted files from spinning us into an
infinite loop. 100 is an arbitrary heuristic. */
non_fatal (_("Archive nesting is too deep"));
return;
}
else else
printf (_("In nested archive %s:\n"), bfd_get_filename (file)); printf (_("In nested archive %s:\n"), bfd_get_filename (file));

28
binutils/srconv.c
View File

@ -167,7 +167,8 @@ checksum (FILE *ffile, unsigned char *ptr, int size, int ccode)
last = !(ccode & 0xff00); last = !(ccode & 0xff00);
if (size & 0x7) if (size & 0x7)
abort (); fatal (_("Checksum failure"));
ptr[0] = ccode | (last ? 0x80 : 0); ptr[0] = ccode | (last ? 0x80 : 0);
ptr[1] = bytes + 1; ptr[1] = bytes + 1;
@ -178,7 +179,7 @@ checksum (FILE *ffile, unsigned char *ptr, int size, int ccode)
ptr[bytes] = ~sum; ptr[bytes] = ~sum;
if (fwrite (ptr, bytes + 1, 1, ffile) != 1) if (fwrite (ptr, bytes + 1, 1, ffile) != 1)
/* FIXME: Return error status. */ /* FIXME: Return error status. */
abort (); fatal (_("Failed to write checksum"));
} }
@ -218,7 +219,7 @@ writeINT (int n, unsigned char *ptr, int *idx, int size, FILE *ffile)
ptr[byte + 3] = n >> 0; ptr[byte + 3] = n >> 0;
break; break;
default: default:
abort (); fatal (_("Unsupported integer write size: %d"), size);
} }
*idx += size * 8; *idx += size * 8;
} }
@ -304,7 +305,7 @@ wr_tr (void)
if (fwrite (b, sizeof (b), 1, file) != 1) if (fwrite (b, sizeof (b), 1, file) != 1)
/* FIXME: Return error status. */ /* FIXME: Return error status. */
abort (); fatal (_("Failed to write TR block"));
} }
static void static void
@ -395,7 +396,8 @@ wr_hd (struct coff_ofile *p)
toolname = "C_H8/300S"; toolname = "C_H8/300S";
break; break;
default: default:
abort(); fatal (_("Unrecognized H8300 sub-architecture: %ld"),
bfd_get_mach (abfd));
} }
rnames = rname_h8300; rnames = rname_h8300;
break; break;
@ -412,7 +414,7 @@ wr_hd (struct coff_ofile *p)
rnames = rname_sh; rnames = rname_sh;
break; break;
default: default:
abort (); fatal (_("Unsupported architecture: %d"), bfd_get_arch (abfd));
} }
if (! (bfd_get_file_flags(abfd) & EXEC_P)) if (! (bfd_get_file_flags(abfd) & EXEC_P))
@ -866,7 +868,7 @@ walk_tree_type_1 (struct coff_sfile *sfile, struct coff_symbol *symbol,
break; break;
default: default:
abort (); fatal (_("Unrecognised type: %d"), type->type);
} }
} }
@ -995,7 +997,7 @@ walk_tree_symbol (struct coff_sfile *sfile, struct coff_section *section ATTRIBU
return; return;
default: default:
abort (); fatal (_("Unrecognised coff symbol type: %d"), symbol->type->type);
} }
if (symbol->where->where == coff_where_member_of_struct) if (symbol->where->where == coff_where_member_of_struct)
@ -1057,7 +1059,7 @@ walk_tree_symbol (struct coff_sfile *sfile, struct coff_section *section ATTRIBU
break; break;
default: default:
abort (); fatal (_("Unrecognised coff symbol visibility: %d"), symbol->visible->type);
} }
dsy.dlength = symbol->type->size; dsy.dlength = symbol->type->size;
@ -1083,7 +1085,7 @@ walk_tree_symbol (struct coff_sfile *sfile, struct coff_section *section ATTRIBU
break; break;
default: default:
abort (); fatal (_("Unrecognised coff symbol location: %d"), symbol->where->where);
} }
switch (symbol->where->where) switch (symbol->where->where)
@ -1128,7 +1130,7 @@ walk_tree_symbol (struct coff_sfile *sfile, struct coff_section *section ATTRIBU
break; break;
default: default:
abort (); fatal (_("Unrecognised coff symbol location: %d"), symbol->where->where);
} }
if (symbol->where->where == coff_where_register) if (symbol->where->where == coff_where_register)
@ -1157,7 +1159,7 @@ walk_tree_symbol (struct coff_sfile *sfile, struct coff_section *section ATTRIBU
break; break;
default: default:
abort (); fatal (_("Unrecognised coff symbol visibility: %d"), symbol->visible->type);
} }
dsy.sfn = 0; dsy.sfn = 0;
@ -1460,7 +1462,7 @@ wr_cs (void)
if (fwrite (b, sizeof (b), 1, file) != 1) if (fwrite (b, sizeof (b), 1, file) != 1)
/* FIXME: Return error status. */ /* FIXME: Return error status. */
abort (); fatal (_("Failed to write CS struct"));
} }
/* Write out the SC records for a unit. Create an SC /* Write out the SC records for a unit. Create an SC