More fixes for corrupt binaries crashing the binutils.
PR binutils/17512 * elf.c (bfd_section_from_shdr): Allocate and free the recursion detection table on a per-bfd basis. * peXXigen.c (pe_print_edata): Handle binaries with a truncated export table.
This commit is contained in:
parent
1df4399f27
commit
5a4b0ccc20
3 changed files with 30 additions and 3 deletions
|
@ -1,3 +1,11 @@
|
|||
2014-10-28 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR binutils/17512
|
||||
* elf.c (bfd_section_from_shdr): Allocate and free the recursion
|
||||
detection table on a per-bfd basis.
|
||||
* peXXigen.c (pe_print_edata): Handle binaries with a truncated
|
||||
export table.
|
||||
|
||||
2014-10-28 Andreas Schwab <schwab@suse.de>
|
||||
Nick Clifton <nickc@redhat.com>
|
||||
|
||||
|
|
12
bfd/elf.c
12
bfd/elf.c
|
@ -1580,6 +1580,7 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex)
|
|||
const char *name;
|
||||
bfd_boolean ret = TRUE;
|
||||
static bfd_boolean * sections_being_created = NULL;
|
||||
static bfd * sections_being_created_abfd = NULL;
|
||||
static unsigned int nesting = 0;
|
||||
|
||||
if (shindex >= elf_numsections (abfd))
|
||||
|
@ -1592,13 +1593,19 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex)
|
|||
loop. Detect this here, by refusing to load a section that we are
|
||||
already in the process of loading. We only trigger this test if
|
||||
we have nested at least three sections deep as normal ELF binaries
|
||||
can expect to recurse at least once. */
|
||||
can expect to recurse at least once.
|
||||
|
||||
FIXME: It would be better if this array was attached to the bfd,
|
||||
rather than being held in a static pointer. */
|
||||
|
||||
if (sections_being_created_abfd != abfd)
|
||||
sections_being_created = NULL;
|
||||
if (sections_being_created == NULL)
|
||||
{
|
||||
/* FIXME: It would be more efficient to attach this array to the bfd somehow. */
|
||||
sections_being_created = (bfd_boolean *)
|
||||
bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean));
|
||||
sections_being_created_abfd = abfd;
|
||||
}
|
||||
if (sections_being_created [shindex])
|
||||
{
|
||||
|
@ -2102,7 +2109,10 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex)
|
|||
if (sections_being_created)
|
||||
sections_being_created [shindex] = FALSE;
|
||||
if (-- nesting == 0)
|
||||
{
|
||||
sections_being_created = NULL;
|
||||
sections_being_created_abfd = abfd;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
|
@ -1611,6 +1611,15 @@ pe_print_edata (bfd * abfd, void * vfile)
|
|||
}
|
||||
}
|
||||
|
||||
/* PR 17512: Handle corrupt PE binaries. */
|
||||
if (datasize < 36)
|
||||
{
|
||||
fprintf (file,
|
||||
_("\nThere is an export table in %s, but it is too small (%d)\n"),
|
||||
section->name, (int) datasize);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"),
|
||||
section->name, (unsigned long) addr);
|
||||
|
||||
|
|
Loading…
Reference in a new issue