This is the mail archive of the binutils-cvs@sourceware.org mailing list for the binutils project.
[binutils-gdb] Prevent a potential illegal memory access in readelf when parsing a note with a zero name size.
- From: Nick Clifton <nickc at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 25 Jan 2019 13:17:01 -0000
- Subject: [binutils-gdb] Prevent a potential illegal memory access in readelf when parsing a note with a zero name size.
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=183445093ebd6be285e29f75b877e62a723918c6
commit 183445093ebd6be285e29f75b877e62a723918c6
Author: Nick Clifton <nickc@redhat.com>
Date: Fri Jan 25 13:16:06 2019 +0000
Prevent a potential illegal memory access in readelf when parsing a note with a zero name size.
PR 24131
* readelf.c (process_notes_at): Prevent an illegal memory access
when the note's namesize is zero.
(decode_tic6x_unwind_bytecode): Add code to handle the case where
no registers are specified in a frame pop instruction.
Diff:
---
binutils/ChangeLog | 8 ++++++++
binutils/readelf.c | 33 ++++++++++++++++++++-------------
2 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 7653019..a5f9bde 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,13 @@
2019-01-25 Nick Clifton <nickc@redhat.com>
+ PR 24131
+ * readelf.c (process_notes_at): Prevent an illegal memory access
+ when the note's namesize is zero.
+ (decode_tic6x_unwind_bytecode): Add code to handle the case where
+ no registers are specified in a frame pop instruction.
+
+2019-01-25 Nick Clifton <nickc@redhat.com>
+
* po/bg.po: Updated Bulgarian translation.
2019-01-23 Nick Clifton <nickc@redhat.com>
diff --git a/binutils/readelf.c b/binutils/readelf.c
index b13eb6a..77acc6a 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -8852,21 +8852,28 @@ decode_tic6x_unwind_bytecode (Filedata * filedata,
}
printf (_("pop frame {"));
- reg = nregs - 1;
- for (i = i * 2; i > 0; i--)
+ if (nregs == 0)
{
- if (regpos[reg].offset == i - 1)
+ printf (_("*corrupt* - no registers specified"));
+ }
+ else
+ {
+ reg = nregs - 1;
+ for (i = i * 2; i > 0; i--)
{
- name = tic6x_unwind_regnames[regpos[reg].reg];
- if (reg > 0)
- reg--;
- }
- else
- name = _("[pad]");
+ if (regpos[reg].offset == i - 1)
+ {
+ name = tic6x_unwind_regnames[regpos[reg].reg];
+ if (reg > 0)
+ reg--;
+ }
+ else
+ name = _("[pad]");
- fputs (name, stdout);
- if (i > 1)
- printf (", ");
+ fputs (name, stdout);
+ if (i > 1)
+ printf (", ");
+ }
}
printf ("}");
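Review bot: the new `nregs == 0` branch prints the corruption marker and then falls through to `printf ("}")` and on to the rest of the bytecode decode, so a pop-frame op with no registers is flagged inline but decoding carries on as if the op were well-formed; if the intent is to stop on corrupt unwind data, return (or set an error flag) after the message. The guard itself is right: with `nregs` at 0 and an unsigned `reg`, `reg = nregs - 1` wrapped and `regpos[reg]` indexed out of range. Style point on the surviving loop: `i` is still reused as both the operand count and the loop counter (`for (i = i * 2; i > 0; i--)`), which is what hid the original out-of-range index; a separately named counter for the pops would make the remaining bound obvious to the next reader.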
@@ -18741,7 +18748,7 @@ process_notes_at (Filedata * filedata,
one version of Linux (RedHat 6.0) generates corefiles that don't
comply with the ELF spec by failing to include the null byte in
namesz. */
- if (inote.namedata[inote.namesz - 1] != '\0')
+ if (inote.namesz > 0 && inote.namedata[inote.namesz - 1] != '\0')
{
if ((size_t) (inote.descdata - inote.namedata) == inote.namesz)
{
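Review bot: the added `inote.namesz > 0 &&` short-circuits the `namedata[namesz - 1]` read for an empty name (with an unsigned namesz that index wraps to a huge offset), but it also skips the whole terminator check, including the RedHat 6.0 workaround in the lines below, whenever namesz is 0; that is only safe if every later consumer of `inote.namedata` bounds itself by namesz instead of relying on a NUL, which this hunk does not show, so the name-printing path deserves a look in the same change. A one-line comment above the `if` saying that a zero-length name is legal for a note (so the guard is deliberate, not a missed case) would stop someone "simplifying" it back later.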
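The failure mode this commit fixes, as an added worked example (written for this page, not binutils code): a bounds-checked ELF note walker in C that handles both a note whose namesz is 0 (PR 24131) and the RedHat 6.0 style name whose NUL is not counted in namesz, which the comment in the second hunk describes. The note bytes, the `struct note`, and the names `parse_note`, `note_at`, `walk_notes` and `print_note` are this example's own constructions; it assumes little-endian note words and 4-byte padding.

```c
/* Added example for this page, not binutils code: a bounds-checked ELF note
   walker covering the two name cases the patch touches, namesz == 0 (PR 24131)
   and a name whose NUL is not counted in namesz (the RedHat 6.0 corefile case).
   All bytes are constructed here; parse_note, note_at, walk_notes and
   print_note are this example's own names.  Assumes little-endian note words
   and 4-byte padding. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct note {
  uint32_t namesz, descsz, type;
  const unsigned char *name;  /* namesz raw bytes, possibly none at all */
  const unsigned char *desc;  /* descsz raw bytes */
  int name_terminated;        /* 1 iff namesz > 0 and name[namesz-1] == 0 */
};

static uint32_t rd32(const unsigned char *p) {
  return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static size_t pad4(size_t n) { return (n + 3u) & ~(size_t)3u; }

/* Parse the note at buf[off].  Returns the bytes it occupies, or 0 if the
   header or either payload does not fit; every bound is checked against len
   before any note byte is dereferenced. */
size_t parse_note(const unsigned char *buf, size_t len, size_t off, struct note *out) {
  if (off > len || len - off < 12)
    return 0;
  out->namesz = rd32(buf + off);
  out->descsz = rd32(buf + off + 4);
  out->type = rd32(buf + off + 8);
  size_t name_off = off + 12, name_pad = pad4(out->namesz);
  if (name_pad < out->namesz || name_pad > len - name_off)
    return 0;  /* name or its padding overruns the buffer */
  size_t desc_off = name_off + name_pad, desc_pad = pad4(out->descsz);
  if (desc_pad < out->descsz || desc_pad > len - desc_off)
    return 0;  /* desc or its padding overruns the buffer */
  out->name = buf + name_off;
  out->desc = buf + desc_off;
  /* The PR 24131 read: name[namesz - 1] with namesz == 0 wraps to a huge index,
     so namesz must be tested first, exactly as the patch does. */
  out->name_terminated = out->namesz > 0 && out->name[out->namesz - 1] == '\0';
  return 12 + name_pad + desc_pad;
}

/* Print one note without treating the name as a C string: the write is bounded
   by namesz, so an unterminated name cannot be overread. */
void print_note(const struct note *n) {
  fputs("  name=\"", stdout);
  fwrite(n->name, 1, n->name_terminated ? n->namesz - 1 : n->namesz, stdout);
  printf("\" namesz=%u descsz=%u type=%u%s\n", (unsigned)n->namesz,
         (unsigned)n->descsz, (unsigned)n->type,
         n->namesz == 0 ? " (unnamed note)"
         : n->name_terminated ? "" : " (NUL not counted in namesz)");
}

/* Walk every note in buf.  Returns the count, or -1 at the first note that
   does not fit, so a truncated or lying header ends the walk cleanly. */
int walk_notes(const unsigned char *buf, size_t len, int verbose) {
  struct note n;
  int count = 0;
  for (size_t off = 0, used = 0; off < len; off += used, count++) {
    if ((used = parse_note(buf, len, off, &n)) == 0)
      return -1;
    if (verbose)
      print_note(&n);
  }
  return count;
}

/* Parsed view of one note, all-zero if it does not fit. */
struct note note_at(const unsigned char *buf, size_t len, size_t off) {
  struct note n;
  if (parse_note(buf, len, off, &n) == 0)
    memset(&n, 0, sizeof n);
  return n;
}

/* Constructed input: three back-to-back notes. */
const unsigned char sample_notes[] = {
  /* namesz=5 "CORE\0" padded to 8, descsz=4, type=1: the normal case */
  5,0,0,0, 4,0,0,0, 1,0,0,0, 'C','O','R','E',0, 0,0,0, 0xde,0xad,0xbe,0xef,
  /* namesz=4 "CORE" with no NUL counted, descsz=0, type=2: RedHat 6.0 style */
  4,0,0,0, 0,0,0,0, 2,0,0,0, 'C','O','R','E',
  /* namesz=0, descsz=4, type=3: the PR 24131 case */
  0,0,0,0, 4,0,0,0, 3,0,0,0, 1,2,3,4,
};
/* Constructed corrupt input: namesz claims 16 bytes but only 4 follow. */
const unsigned char truncated_note[] = { 16,0,0,0, 0,0,0,0, 1,0,0,0, 'G','N','U',0 };

int main(void) {
  printf("parsed %d notes\n", walk_notes(sample_notes, sizeof sample_notes, 1));
  printf("truncated: %d\n", walk_notes(truncated_note, sizeof truncated_note, 1));
  return 0;
}
```

The third constructed note is the PR 24131 shape: if the `namesz > 0` test is dropped from `parse_note`, the `name[namesz - 1]` read on that note indexes far outside the buffer, and building with `-fsanitize=address` reports it on the first run; the guard is the whole fix, the rest of the walker is the bounds discipline that keeps the same class of bug out of the desc and padding arithmetic.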