
[Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples


From: cvs-commit at gcc dot gnu.org
Subject: [Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples
Date: Tue, 24 Mar 2015 16:34:15 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #221 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The binutils-2_25-branch branch has been updated by Nick Clifton
<address@hidden>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a57494b3cf09162ed556f4d1da2bd77d2acc4e4

commit 7a57494b3cf09162ed556f4d1da2bd77d2acc4e4
Author: Nick Clifton <address@hidden>
Date:   Tue Mar 24 16:32:44 2015 +0000

    Import fixes from mainline that address illegal memory accesses when
    working with COFF/PE based files.

        Apply from master:
        2015-02-26  Nick Clifton  <address@hidden>

        PR binutils/17512
        * coffcode.h (coff_compute_section_file_positions): Report
        negative page sizes.

        2015-02-10  Nick Clifton  <address@hidden>

        PR binutils/17512
        * coffcode.h (styp_to_sec_flags): Use an unsigned long type to
        hold the flag bits.

        2015-02-06  Nick Clifton  <address@hidden>

        PR binutils/17512
        * peXXigen.c (rsrc_print_resource_entries): Add range check for
        addresses that wrap around the address space.
        (rsrc_parse_entry): Likewise.

        2015-02-03  Nick Clifton  <address@hidden>

        PR binutils/17512
        * ecoff.c: Use bfd_alloc2 to allocate space for structure arrays.
        (_bfd_ecoff_slurp_symbol_table): Check for a negative symbol
        index or an out of range fdr index.
        * peXXigen.c (pe_print_edata):  Check for numeric overflow in edt
        fields.

        2015-01-22  Nick Clifton  <address@hidden>

        PR binutils/17512
        * coffcode.h (handle_COMDAT): When searching for the section
        symbol, make sure that there is space left in the symbol table.

        2015-01-21  Nick Clifton  <address@hidden>

        PR binutils/17512
        * coffcode.h (coff_set_arch_mach_hook): Check return value from
        bfd_malloc.
        (coff_slurp_line_table): Return FALSE if the line number
        information was corrupt.
        (coff_slurp_symbol_table): Return FALSE if the symbol information
        was corrupt.
        * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Set bfd_error if the
        read fails.
        (slurp_symtab): Check the return from bfd_malloc.
        (_bfd_XX_bfd_copy_private_bfd_data_common): Fail if the copy
        encountered an error.
        (_bfd_XXi_final_link_postscript): Fail if a section could not be
        copied.
        * peicode.h (pe_bfd_object_p): Fail if the header could not be
        swapped in.

        2015-01-08  Nick Clifton  <address@hidden>

        PR binutils/17512
        * coffcode.h (coff_slurp_symbol_table): Return false if we failed
        to load the line table.

        2015-01-06  Nick Clifton  <address@hidden>

        PR binutils/17512
        * coff-i860.c (CALC_ADDEND): Always set an addend value.

        2014-11-27  Nick Clifton  <address@hidden>

        PR binutils/17512
        * ecoff.c (_bfd_ecoff_slurp_symbol_table): Warn about and correct
        a discrepancy between the isymMax and ifdMax values in the
        symbolic header.

        2014-11-26  Nick Clifton  <address@hidden>

        PR binutils/17512
        * coff-h8300.c (rtype2howto): Replace abort with returning a NULL
        value.
        * coff-h8500.c (rtype2howto): Likewise.
        * coff-tic30.c (rtype2howto): Likewise.
        * coff-z80.c (rtype2howto): Likewise.
        * coff-z8k.c (rtype2howto): Likewise.
        * coff-ia64.c (RTYPE2HOWTO): Always return a valid howto.
        * coff-m68k.c (m68k_rtype2howto): Return a NULL howto if none
        could be found.
        * coff-mcore.c (RTYPE2HOWTO): Add range checking.
        * coff-w65.c (rtype2howto): Likewise.
        * coff-we32k.c (RTYPE2HOWTO): Likewise.
        * pe-mips.c (RTYPE2HOWTO): Likewise.
        * coff-x86_64.c (coff_amd64_reloc): Likewise.  Replace abort with
        an error return.
        * coffcode.h (coff_slurp_reloc_table): Allow the rel parameter to
        be unused.
        * coffgen.c (make_a_section_from_file): Check the length of a
        section name before testing to see if it is a debug section name.
        (coff_object_p): Zero out any uninitialised bytes in the opt
        header.
        * ecoff.c (_bfd_ecoff_slurp_symbolic_info): Test for the raw
        source being empty when there are values to be processed.
        (_bfd_ecoff_slurp_symbol_table): Add range check.

        2014-11-21  Nick Clifton  <address@hidden>

        PR binutils/17512
        * coffgen.c (coff_get_normalized_symtab): Check for an excessive
        number of auxiliary entries.

        2014-11-21  Alexander Cherepanov  <address@hidden>

        PR binutils/17512
        * coffgen.c (_bfd_coff_read_string_table): Test allocation of
        string table before clearing the first few bytes.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
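
The class of check named in the peXXigen.c entries above (a range check for addresses that wrap around the address space) and the overflow-checked array sizing implied by the ecoff.c entry, as an added example that is not part of the original mail and is not binutils code. The `region` struct, the function names and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a loaded section: 32-bit addresses
   [start, start + size).  Not a libbfd structure.  */
struct region { uint32_t start; uint32_t size; };

/* Naive test: the 32-bit sum addr + len can wrap past zero, so a
   huge fuzzed len lands back inside the region and is accepted.  */
static bool in_range_naive(const struct region *r, uint32_t addr, uint32_t len)
{
    uint32_t end = (uint32_t)(r->start + r->size);
    return addr >= r->start && (uint32_t)(addr + len) <= end;
}

/* Wrap-safe test: only subtract values already known to be ordered.  */
static bool in_range_checked(const struct region *r, uint32_t addr, uint32_t len)
{
    if (addr < r->start)
        return false;
    uint32_t off = addr - r->start;      /* addr >= start, cannot wrap */
    if (off > r->size)
        return false;
    return len <= r->size - off;         /* off <= size, cannot wrap */
}

/* Byte count for nmemb elements of elsize bytes; false on overflow.  */
static bool array_bytes(size_t nmemb, size_t elsize, size_t *out)
{
    if (elsize != 0 && nmemb > SIZE_MAX / elsize)
        return false;
    *out = nmemb * elsize;
    return true;
}

int main(void)
{
    struct region rsrc = { 0x1000u, 0x2000u };       /* constructed sample */
    uint32_t addr = 0x2000u, len = 0xFFFFF000u;      /* constructed fuzzed entry */
    size_t n = 0;
    printf("naive=%d checked=%d\n", in_range_naive(&rsrc, addr, len),
           in_range_checked(&rsrc, addr, len));
    printf("alloc ok=%d\n", array_bytes(SIZE_MAX / 8 + 1, 16, &n));
    return 0;
}
```

The naive form accepts the constructed entry because its end address wraps to 0x1000; the checked form rejects it without ever computing that sum.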


