[Bug binutils/17531] readelf -a crashes on fuzzed samples

[cvs-commit at gcc dot gnu.org]

https://sourceware.org/bugzilla/show_bug.cgi?id=17531

--- Comment #8 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot 
gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, master has been updated
       via  e0a31db1b16fe0a010aa46185e4a31a08e7fd97f (commit)
      from  bb0d867169d7e9743d229804106a8fbcab7f3b3f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e0a31db1b16fe0a010aa46185e4a31a08e7fd97f

commit e0a31db1b16fe0a010aa46185e4a31a08e7fd97f
Author: Nick Clifton <address@hidden>
Date:   Tue Nov 4 15:29:03 2014 +0000

    More fixes for memory corruption when readelf processes corrupt files.

        PR binutils/17531
        (get_32bit_program_headers): Verify program header entry size
        before reading in the program headers.
        (get_64bit_program_headers): Likewise.
        (get_unwind_section_word): Do nothing if no section was provided.
        Fail if the offset is outside of the section.
        (print_dynamic_symbol): Catch out of range symbol indicies.
        (process_mips_specific): Likewise.
        (process_attributes): Make sure that there is enough space left in
        the section before attempting to read the length of the next
        attribute.

-----------------------------------------------------------------------

Summary of changes:
 binutils/ChangeLog |   11 +++
 binutils/readelf.c |  173 ++++++++++++++++++++++++++++++++++++++--------------
 2 files changed, 138 insertions(+), 46 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.