[Bug binutils/17531] readelf -a crashes on fuzzed samples

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/17531] readelf -a crashes on fuzzed samples

From:	cvs-commit at gcc dot gnu.org
Subject:	[Bug binutils/17531] readelf -a crashes on fuzzed samples
Date:	Fri, 07 Nov 2014 13:41:20 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17531

--- Comment #14 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot 
gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, master has been updated
       via  071436c6e94be13904438b6eb70ee79c73354a61 (commit)
      from  56aedec7ab6a1da818ed900827e3a2eb1f5cc5d2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=071436c6e94be13904438b6eb70ee79c73354a61

commit 071436c6e94be13904438b6eb70ee79c73354a61
Author: Nick Clifton <address@hidden>
Date:   Fri Nov 7 13:39:45 2014 +0000

    Add more fixes for inavlid memory accesses triggered by corrupt files.

        PR binutils/17531
        * readelf.c (get_data): Avoid allocating memory when we know that
        the read will fail.
        (find_section_by_type): New function.
        (get_unwind_section_word): Check for invalid symbol indicies.
        Check for invalid reloc types.
        (get_32bit_dynamic_section): Add range checks.
        (get_64bit_dynamic_section): Add range checks.
        (process_dynamic_section): Check for a corrupt time value.
        (process_symbol_table): Add range checks.
        (dump_section_as_strings): Add string length range checks.
        (display_tag_value): Likewise.
        (display_arm_attribute): Likewise.
        (display_gnu_attribute): Likewise.
        (display_tic6x_attribute): Likewise.
        (display_msp430x_attribute): Likewise.
        (process_mips_specific): Add range check.

-----------------------------------------------------------------------

Summary of changes:
 binutils/ChangeLog |   20 ++++
 binutils/readelf.c |  297 ++++++++++++++++++++++++++++++++++++----------------
 2 files changed, 226 insertions(+), 91 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug binutils/17531] readelf -a crashes on fuzzed samples, (continued)
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cvs-commit at gcc dot gnu.org, 2014/11/04
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, nickc at redhat dot com, 2014/11/04
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cherepan at mccme dot ru, 2014/11/04
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, nickc at redhat dot com, 2014/11/04
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cvs-commit at gcc dot gnu.org, 2014/11/04
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, nickc at redhat dot com, 2014/11/04
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cherepan at mccme dot ru, 2014/11/04
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, nickc at redhat dot com, 2014/11/05
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cherepan at mccme dot ru, 2014/11/05
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cherepan at mccme dot ru, 2014/11/06
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cvs-commit at gcc dot gnu.org <=
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, nickc at redhat dot com, 2014/11/07
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cherepan at mccme dot ru, 2014/11/09
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cherepan at mccme dot ru, 2014/11/09
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cherepan at mccme dot ru, 2014/11/09
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, nickc at redhat dot com, 2014/11/10
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cvs-commit at gcc dot gnu.org, 2014/11/10
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cherepan at mccme dot ru, 2014/11/11
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cvs-commit at gcc dot gnu.org, 2014/11/11
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, nickc at redhat dot com, 2014/11/11
- [Bug binutils/17531] readelf -a crashes on fuzzed samples, cherepan at mccme dot ru, 2014/11/11

Prev by Date: [Bug ld/17553] .eh_frame_hdr table[0] FDE at 00000978 overlaps table[1] FDE at 000009a0 when not using "-Wl,-traditional" on sh4
Next by Date: [Bug binutils/17531] readelf -a crashes on fuzzed samples
Previous by thread: [Bug binutils/17531] readelf -a crashes on fuzzed samples
Next by thread: [Bug binutils/17531] readelf -a crashes on fuzzed samples
Index(es):
- Date
- Thread