More fixes for corrupt binaries crashing the binutils.

PR binutils/17512
	* elf.c (bfd_section_from_shdr): Allocate and free the recursion
	detection table on a per-bfd basis.
	* peXXigen.c (pe_print_edata): Handle binaries with a truncated
	export table.
Nick Clifton 2014-10-28 15:42:56 +00:00
parent 1df4399f27
commit 5a4b0ccc20
3 changed files with 30 additions and 3 deletions


@ -1,3 +1,11 @@
2014-10-28 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* elf.c (bfd_section_from_shdr): Allocate and free the recursion
detection table on a per-bfd basis.
* peXXigen.c (pe_print_edata): Handle binaries with a truncated
export table.
2014-10-28 Andreas Schwab <schwab@suse.de>
Nick Clifton <nickc@redhat.com>


@ -1580,6 +1580,7 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex)
const char *name;
bfd_boolean ret = TRUE;
static bfd_boolean * sections_being_created = NULL;
static bfd * sections_being_created_abfd = NULL;
static unsigned int nesting = 0;
if (shindex >= elf_numsections (abfd))
@ -1592,13 +1593,19 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex)
loop. Detect this here, by refusing to load a section that we are
already in the process of loading. We only trigger this test if
we have nested at least three sections deep as normal ELF binaries
can expect to recurse at least once. */
can expect to recurse at least once.
FIXME: It would be better if this array was attached to the bfd,
rather than being held in a static pointer. */
if (sections_being_created_abfd != abfd)
sections_being_created = NULL;
if (sections_being_created == NULL)
{
/* FIXME: It would be more efficient to attach this array to the bfd somehow. */
sections_being_created = (bfd_boolean *)
bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean));
sections_being_created_abfd = abfd;
}
if (sections_being_created [shindex])
{
@ -2102,7 +2109,10 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex)
if (sections_being_created)
sections_being_created [shindex] = FALSE;
if (-- nesting == 0)
{
sections_being_created = NULL;
sections_being_created_abfd = abfd;
}
return ret;
}
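Review bot: The pointer returned by `bfd_zalloc` is indexed straight away by `sections_being_created [shindex]` with no NULL check, so an allocation failure (plausible when a corrupt header reports a very large section count) turns into a NULL dereference in the code that is meant to harden against corrupt input. Adding `if (sections_being_created == NULL) return FALSE;` after the allocation would close that, provided the `nesting` counter, which is incremented outside these hunks, is unwound on that path. Separately, the reset in the last hunk stores `sections_being_created_abfd = abfd;` while clearing the table; `sections_being_created_abfd = NULL;` would state the intent more plainly and avoid keeping a pointer to a bfd that may since have been closed. The body of bfd_section_from_shdr extends beyond all three hunks, so the error paths between them could not be checked here.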


@ -1611,6 +1611,15 @@ pe_print_edata (bfd * abfd, void * vfile)
}
}
/* PR 17512: Handle corrupt PE binaries. */
if (datasize < 36)
{
fprintf (file,
_("\nThere is an export table in %s, but it is too small (%d)\n"),
section->name, (int) datasize);
return TRUE;
}
fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"),
section->name, (unsigned long) addr);
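Review bot: The bound in `if (datasize < 36)` looks four bytes short: the PE export directory table is 40 bytes long, with its last 32-bit field at offset 36, so a table of 36 to 39 bytes passes this check without being able to hold that field. The reads of the table are outside the hunk and should be checked against this, but if the code fetches a 32-bit value at offset 36, the guard needs to be `if (datasize < 40)`. A short comment such as `/* Size of the export directory table.  */`, or a named constant, would let the next reader verify the bound against the format.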