darkkirb/old-cross-binutils
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Closes another memory corruption, this time due to heap overrun.

Browse source 
PR binutils/17512
	* coffgen.c (coff_get_normalized_symtab): Prevent buffer overrun.
This commit is contained in:
Nick Clifton 2014-10-30 15:52:10 +00:00
parent 3bdff46b67
commit 7e760b06b2
2 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
bfd/ChangeLog
View file

@ -1,3 +1,8 @@
2014-10-30 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* coffgen.c (coff_get_normalized_symtab): Prevent buffer overrun.
2014-10-29 Nick Clifton <nickc@redhat.com> 2014-10-29 Nick Clifton <nickc@redhat.com>
* elf.c (bfd_section_from_shdr): Fix heap use after free memory * elf.c (bfd_section_from_shdr): Fix heap use after free memory

8
bfd/coffgen.c
View file

@ -1748,7 +1748,7 @@ coff_get_normalized_symtab (bfd *abfd)
if (internal == NULL && size != 0) if (internal == NULL && size != 0)
return NULL; return NULL;
internal_end = internal + obj_raw_syment_count (abfd); internal_end = internal + obj_raw_syment_count (abfd);
if (! _bfd_coff_get_external_symbols (abfd)) if (! _bfd_coff_get_external_symbols (abfd))
return NULL; return NULL;
@ -1766,8 +1766,8 @@ coff_get_normalized_symtab (bfd *abfd)
raw_src < raw_end; raw_src < raw_end;
raw_src += symesz, internal_ptr++) raw_src += symesz, internal_ptr++)
{ {
unsigned int i; unsigned int i;
bfd_coff_swap_sym_in (abfd, (void *) raw_src, bfd_coff_swap_sym_in (abfd, (void *) raw_src,
(void *) & internal_ptr->u.syment); (void *) & internal_ptr->u.syment);
symbol_ptr = internal_ptr; symbol_ptr = internal_ptr;
@ -1777,6 +1777,10 @@ coff_get_normalized_symtab (bfd *abfd)
i++) i++)
{ {
internal_ptr++; internal_ptr++;
/* PR 17512: Prevent buffer overrun. */
if (internal_ptr >= internal_end)
return NULL;
raw_src += symesz; raw_src += symesz;
bfd_coff_swap_aux_in (abfd, (void *) raw_src, bfd_coff_swap_aux_in (abfd, (void *) raw_src,
symbol_ptr->u.syment.n_type, symbol_ptr->u.syment.n_type,