[Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in
From: cvs-commit at gcc dot gnu.org
Subject: [Bug binutils/17512] segfault in PE parser / _bfd_pei_swap_aouthdr_in
Date: Tue, 11 Nov 2014 11:45:25 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=17512
--- Comment #76 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot
gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".
The branch, master has been updated
via fcfa62408aec326a54765a6fd8895349fb41eb7c (commit)
from 4de1599bcf044a5396ec588f90b8f475be657d4f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fcfa62408aec326a54765a6fd8895349fb41eb7c
commit fcfa62408aec326a54765a6fd8895349fb41eb7c
Author: Alan Modra <address@hidden>
Date: Tue Nov 11 21:36:37 2014 +1030
Avoid coff OOM
bfd_zalloc/bfd_zmalloc to fix uninitialized memory reads is too big a
hammer, when the size allocated depends on user input. A typical
bfd_alloc, bfd_seek, bfd_bread sequence will give an error or warning
at the point the file read fails when some enormous item as described
by headers is not actually present in the file. Nice operating systems
allow memory overcommit. But not if you write to the memory. So
bfd_zalloc can cause an OOM, thrashing, or system hangs.
The patch also fixes a recently introduced endless loop on bad input.
PR binutils/17512
* coffcode.h (coff_slurp_line_table): Don't bfd_zalloc, just
memset the particular bits we need. Update src after hitting loop
"continue". Don't count lineno omitted due to invalid symbols in
nbr_func, and update lineno_count. Init entire terminating
lineno. Don't bother allocating terminator in n_lineno_cache.
Redirect sym->lineno pointer to where n_lineno_cache will be
copied, and free n_lineno_cache.
* pe-mips.c (NUM_HOWTOS): Typo fix.
-----------------------------------------------------------------------
Summary of changes:
bfd/ChangeLog | 12 +++++++++++
bfd/coffcode.h | 61 ++++++++++++++++++++++++++++---------------------------
bfd/pe-mips.c | 2 +-
3 files changed, 44 insertions(+), 31 deletions(-)
--
You are receiving this mail because:
You are on the CC list for the bug.
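The allocation pattern the commit message describes, as an added C sketch that is not the binutils code: allocate without zeroing, seek, read, fail on a short read, and clear only the terminating record. `load_records`, `bytes_remaining` and the 6-byte `REC_SIZE` are hypothetical names and values chosen for illustration, and the check against the remaining file length is an extra guard beyond what the message describes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REC_SIZE 6  /* hypothetical on-disk record size, for illustration */

/* Bytes between the current position and end of file, or -1 on error. */
static long bytes_remaining(FILE *f)
{
    long here = ftell(f), end;

    if (here < 0 || fseek(f, 0, SEEK_END) != 0)
        return -1;
    end = ftell(f);
    if (end < 0 || fseek(f, here, SEEK_SET) != 0)
        return -1;
    return end - here;
}

/* Load `count` records at `offset` plus one zeroed terminator record.
   `count` comes from an untrusted header. Returns NULL on any error. */
unsigned char *load_records(FILE *f, long offset, uint32_t count)
{
    unsigned char *buf;
    size_t size;
    long avail;

    if (count == 0 || count > SIZE_MAX / REC_SIZE - 1)
        return NULL;                      /* size arithmetic would overflow */
    size = (size_t)count * REC_SIZE;
    if (fseek(f, offset, SEEK_SET) != 0)
        return NULL;
    avail = bytes_remaining(f);
    if (avail < 0 || (unsigned long)avail < size)
        return NULL;                      /* header claims more than the file holds */
    /* malloc, not a zeroing allocator: pages stay untouched until fread fills them */
    buf = malloc(size + REC_SIZE);
    if (buf == NULL)
        return NULL;
    if (fread(buf, 1, size, f) != size) { /* short read: fail here, nothing else written */
        free(buf);
        return NULL;
    }
    memset(buf + size, 0, REC_SIZE);      /* clear only the terminator */
    return buf;
}
```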