strip and objcopy don't filter out .. components from paths inside an archive.
Consider an archive created with the following command:
    $ printf '!<arch>\n%-48s%-10d`\n../file\n%-48s%-10s`\n' '//' 8 '/0' 0 > test.a
then running strip/objcopy on it will unlink ./file (e.g. unlink("stq0g2tL/../st4Mtgu4/../file") ).
Consider this:
    $ printf '!<arch>\n%-48s%-10d`\n../../file\n\n%-48s%-10s`\n' '//' 12 '/0' 0 > test.a
then running strip/objcopy on it will unlink ../../file (e.g. unlink("staOxyFW/../../st4KIqLm/../../file") ).
See also https://sourceware.org/bugzilla/show_bug.cgi?id=17533#c4 .
Created attachment 7899
Proposed patch
Hi Alexander,
Please could you try out the uploaded patch and let me know if it works for you?
Cheers
Nick
Yes, the check seems to be Ok in general. And the specific issues are fixed.
Two remarks:
- strip/objcopy don't remove temporary files and dirs when run on the test.a from below. Perhaps, this is intended behavior, I don't know;
- you seem to target Windows but the macros in include/filenames.h don't check for dos special names like con and prn (but it shouldn't be a problem under cygwin1.7).
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "gdb and binutils".
The branch, master has been updated
    via dd9b91de2149ee81d47f708e7b0bbf57da10ad42 (commit)
    from 834107255bbefceb445fa733ebc1ea5d9f41ec7f (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
commit dd9b91de2149ee81d47f708e7b0bbf57da10ad42
Author: Nick Clifton <nickc@redhat.com>
Date: Thu Nov 6 14:49:10 2014 +0000
    Prevent archive members with illegal pathnames from being extracted from an archive.
    PR binutils/17552, binutils/17533
    * bucomm.c (is_valid_archive_path): New function. Returns false for absolute pathnames and pathnames that include /../.
    * bucomm.h (is_valid_archive_path): Add prototype.
    * ar.c (extract_file): Use new function to check for valid pathnames when extracting files from an archive.
    * objcopy.c (copy_archive): Likewise.
    * doc/binutils.texi: Update documentation to mention the limitation on pathname of archive members.
-----------------------------------------------------------------------
Summary of changes:
    binutils/ChangeLog | 16 ++++++++++++++--
    binutils/ar.c | 9 +++++++++
    binutils/bucomm.c | 26 ++++++++++++++++++++++++++
    binutils/bucomm.h | 12 ++++++++----
    binutils/doc/binutils.texi | 3 ++-
    binutils/objcopy.c | 6 ++++++
    6 files changed, 65 insertions(+), 7 deletions(-)
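The check this commit describes (reject absolute member names and names with a .. component), applied to the archives from the report, as an added example that is not the binutils code. The names member_path_is_safe, count_unsafe_members and build_archive are hypothetical, and the drive-prefix and backslash handling is an assumption beyond what the commit message states.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define AR_MAGIC "!<arch>\n"
#define AR_HDR   60   /* name at 0 (16 bytes), size at 48 (10), "`\n" at 58 */

/* Hypothetical validator: reject empty and absolute names, DOS drive
   prefixes, and any ".." component ('/' and '\\' both separate).  */
bool member_path_is_safe(const char *path)
{
    if (path == NULL || *path == '\0' || *path == '/' || *path == '\\') return false;
    if (isalpha((unsigned char)path[0]) && path[1] == ':') return false;
    for (const char *p = path; *p != '\0'; ) {
        size_t n = strcspn(p, "/\\");
        if (n == 2 && p[0] == '.' && p[1] == '.') return false;
        p += n + (p[n] != '\0');          /* skip the component and its separator */
    }
    return true;
}

/* Parse a space-padded decimal header field (width <= 16); -1 if not a number.  */
static long field_num(const char *f, size_t width)
{
    char buf[17] = {0}, *end;
    memcpy(buf, f, width);
    long v = strtol(buf, &end, 10);
    return (end == buf || v < 0) ? -1 : v;
}

/* Count members with unsafe resolved names; -1 if the archive is malformed.  */
int count_unsafe_members(const char *ar, size_t len)
{
    const char *tab = NULL;               /* GNU extended name table ("//") */
    size_t tab_len = 0, off = strlen(AR_MAGIC);
    int unsafe = 0;
    if (len < off || memcmp(ar, AR_MAGIC, off) != 0) return -1;
    while (off + AR_HDR <= len) {
        const char *hdr = ar + off;
        long size = field_num(hdr + 48, 10);
        char name[256];
        size_t n = 0;
        if (size < 0 || memcmp(hdr + 58, "`\n", 2) != 0
            || (size_t)size > len - off - AR_HDR) return -1;
        if (hdr[0] == '/' && hdr[1] == '/') {
            tab = hdr + AR_HDR; tab_len = (size_t)size;
        } else if (hdr[0] == '/' && isdigit((unsigned char)hdr[1])) {
            long idx = field_num(hdr + 1, 15);   /* "/N": offset N in the table */
            if (tab == NULL || (size_t)idx >= tab_len) return -1;
            while ((size_t)idx + n < tab_len && tab[idx + n] != '\n'
                   && n < sizeof name - 1) { name[n] = tab[idx + n]; n++; }
            if (n > 0 && name[n - 1] == '/') n--;   /* GNU ar writes "name/\n" */
        } else if (hdr[0] != '/') {              /* short name, ends at '/' */
            while (n < 16 && hdr[n] != '/' && hdr[n] != ' ') { name[n] = hdr[n]; n++; }
        }
        name[n] = '\0';
        if (n > 0 && !member_path_is_safe(name)) unsafe++;
        off += AR_HDR + (size_t)size + ((size_t)size & 1);  /* data is 2-byte aligned */
    }
    return unsafe;
}

/* Constructed input: same layout as the report's printf command, with
   `table` as the extended name table (its length must be even).  */
size_t build_archive(char *buf, size_t sz, const char *table)
{
    int n = snprintf(buf, sz, AR_MAGIC "%-48s%-10zu`\n%s%-48s%-10s`\n",
                     "//", strlen(table), table, "/0", "0");
    return (n < 0 || (size_t)n >= sz) ? 0 : (size_t)n;
}

int main(void)
{
    char buf[256];
    size_t len = build_archive(buf, sizeof buf, "../file\n");
    printf("unsafe members: %d\n", count_unsafe_members(buf, len));
}
```

The name is validated after the "/0" reference has been resolved through the extended name table, since the header field itself never contains the traversal string.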
Hi Alexander,
OK - I have checked the patch in. With regard to your questions.
1) Leaving the temporary files behind is not an intended feature, it is a bug. I will see about creating a patch to fix it.
2. Adding handling for Windows special files seems a bit over the top. Are there any real world scenarios where this would be a real problem?
Cheers
Nick
Created attachment 7909
Cleanup temporary files on error
Hi Alexander,
Please try out this patch and see if it gets rid of those left over temporary files...
Cheers
Nick
(In reply to Nick Clifton from comment #6)
> Please try out this patch and see if it gets rid of those left over
> temporary files...
The patch doesn't apply to git head:
    patching file binutils/objcopy.c
    Hunk #1 FAILED at 2298.
    Hunk #2 FAILED at 2310.
    Hunk #3 FAILED at 2353.
    3 out of 5 hunks FAILED -- saving rejects to file binutils/objcopy.c.rej
(In reply to Nick Clifton from comment #5)
> 2. Adding handling for Windows special files seems a bit over the top.
> Are there any real world scenarios where this would be a real problem?
Not really sure. I mainly think about sending garbage to a serial (com1-com9) or parallel (lpt9) port when something is connected to it, or to a printer (prn). But I haven't checked what native Windows ar (or other tools) will do in such a case.
Created attachment 7913
Proposed patch (regenerated)
Hi Alexander,
Sorry about that. The master sources are changing rapidly at the moment. Please try this regenerated patch instead.
Cheers
Nick
Sorry, Nick, the new patch seems exactly as the previous. And it doesn't apply to git head. Did I miss something?
Hi Alexander,
> Sorry, Nick, the new patch seems exactly as the previous.
So it is. :-( I just assumed that I had made a mistake last time and so I regenerated the patch. I should have checked to see if it was actually different in some way.
> And it doesn't apply to git head. Did I miss something?
Well I guess so. I generated the patch by running "git diff binutils/objcopy.c" from an up-to-date set of binutils master sources, so I do not see how I missed anything. Are you using the master branch? If you have a look at the failed hunks is there anything obvious about why they did not apply?
If it still causes you problems I will just go ahead and check the patch in. Then you can pull an updated set of sources and try again. My local testing has not shown up any problems with the patch...
Cheers
Nick
Ok, figured it out -- tabs were garbled while copy-pasting from a Web-page. Sorry for the noise. The patch is working for me (binutils/strip-new and binutils/objcopy).
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "gdb and binutils".
The branch, master has been updated
    via 5e186ece2feebb46e63ff6bb2d2490aad0d5a724 (commit)
    from 36e9d67b868c85232ab630514260f0d9c9c6b27b (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5e186ece2feebb46e63ff6bb2d2490aad0d5a724
commit 5e186ece2feebb46e63ff6bb2d2490aad0d5a724
Author: Nick Clifton <nickc@redhat.com>
Date: Mon Nov 10 14:28:43 2014 +0000
    Fix objcopy and strip so that they remove their temporary files even if an error occurs.
    PR binutils/17552
    * (copy_archive): Clean up temporary files even if an error occurs.
-----------------------------------------------------------------------
Summary of changes:
    binutils/ChangeLog | 6 ++++++
    binutils/objcopy.c | 21 ++++++++++++++-------
    2 files changed, 20 insertions(+), 7 deletions(-)
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "gdb and binutils".
The branch, binutils-2_25-branch has been updated
    via 8f66a6af276d17c0e386cd2409873f2e3e0b8a37 (commit)
    via 32a9d621c3c480aa093a089a36e36c35f68a4010 (commit)
    from ff67f476b9907b9fddfbafff52caa4cce6a6f58c (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8f66a6af276d17c0e386cd2409873f2e3e0b8a37
commit 8f66a6af276d17c0e386cd2409873f2e3e0b8a37
Merge: 32a9d62 ff67f47
Author: Nick Clifton <nickc@redhat.com>
Date: Mon Nov 17 17:04:16 2014 +0000
    Merge branch 'binutils-2_25-branch' of ssh://sourceware.org/git/binutils-gdb into binutils-2_25-branch
    Conflicts:
        gas/ChangeLog
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=32a9d621c3c480aa093a089a36e36c35f68a4010
commit 32a9d621c3c480aa093a089a36e36c35f68a4010
Author: Nick Clifton <nickc@redhat.com>
Date: Mon Nov 17 16:59:09 2014 +0000
    Applies a series of patches for PR 17512 and 17533 which fix invalid memory accesses.
    2014-11-13 Nick Clifton <nickc@redhat.com>
    PR binutils/17512
    * config/obj-coff.c (coff_obj_symbol_new_hook): Set the is_sym field.
    2014-11-14 Nick Clifton <nickc@redhat.com>
    PR binutils/17512
    * dwarf.c (get_encoded_value): Add an 'end' parameter. Change the 'data' parameter to a double pointer and return the updated value.
    (decode_location_expression): Update call to get_encoded_value.
    (frame_need_space): Handle the case where one or both of the mallocs fails.
    (read_cie): Initialise the cie pointer, even if the read fails.
    (display_debug_frames): Warn if the calculated block_end is before the start of the block. Break the loop if the CIE could not be read.
Update call to get_encoded_value. Warn if the read CFA expressions are too big. 2014-11-13 Nick Clifton <nickc@redhat.com> PR binutils/17531 * readelf.c (process_version_sections): If the read of the version def information fails, make sure that the external verdef data is not used. (get_dynamic_data): Do not attempt to allocate memory for more dynamic data than there is in the file. If the read fails, free the allocated buffer. (process_symbol_table): Do not print dynamic information if we were unable to read the dynamic symbol table. (print_gnu_note): Do not print the note if the descsz is too small. 2014-11-12 Nick Clifton <nickc@redhat.com> PR binutils/17512 * dwarf.c (read_and_display_attr_value): Check that we do not read past end. (display_debug_pubnames_worker): Add range checks. (process_debug_info): Check for invalid pointer sizes. (display_loc_list): Likewise. (display_loc_list_dwo): Likewise. (display_debug_ranges): Likewise. (display_debug_aranges): Check for invalid address size. (read_cie): Add range checks. Replace call strchr with while loop. * objdump.c (dump_dwarf): Replace abort with a warning message. (print_section_stabs): Improve range checks. * rdcoff.c (coff_get_slot): Use long for indx parameter type. Add check for an excesively large index. * rddbg.c (read_section_stabs_debugging_info): Zero terminate the string table. Avoid walking off the end of the stabs data. * stabs.c (parse_stab_string): Add check for a NULL name. 2014-11-11 Nick Clifton <nickc@redhat.com> PR binutils/17531 * binutils/readelf.c (dynamic_nent): Change type to size_t. (slurp_rela_relocs): Use size_t type for nrelas. (slurp_rel_relocs): Likewise. (get_program_headers): Improve out of memory error message. (get_32bit_section_headers): Likewise. (get_32bit_section_headers): Likewise. (get_64bit_section_headers): Likewise. (get_32bit_elf_symbols): Likewise. (get_64bit_elf_symbols): Likewise. (process_section_groups): Likewise. (get_32bit_dynamic_section): Likewise. 
(get_64bit_dynamic_section): Likewise. (process_dynamic_section): Likewise. (process_version_sections): Likewise. (get_symbol_index_type): Likewise. (process_mips_specific): Likewise. (process_corefile_note_segment): Likewise. (process_version_sections): Use size_t type for total. (get_dynamic_data): Change type of number parameter to size_t. Improve out of memory error messages. (process_symbol_table): Change type of nbuckets and nchains to size_t. Skip processing of sections headers if there are none. Improve out of memory error messages. 2014-11-11 Nick Clifton <nickc@redhat.com> PR binutils/17531 * readelf.c (display_arm_attribute): Avoid reading off the end of the buffer when processing a Tag_nodefaults. 2014-11-10 Nick Clifton <nickc@redhat.com> PR binutils/17531 * readelf.c (ia64_process_unwind): Replace assertion with an error message. Add range checking for group section indicies. (hppa_process_unwind): Replace assertion with an error message. (process_syminfo): Likewise. (decode_arm_unwind_bytecode): Add range checking. (dump_section_as_strings): Add more string range checking. (display_tag_value): Likewise. (display_arm_attribute): Likewise. (display_gnu_attribute): Likewise. (display_tic6x_attribute): Likewise. (display_msp430x_attribute): Likewise. 2014-11-10 Nick Clifton <nickc@redhat.com> PR binutils/17552 * objcopy.c (copy_archive): Clean up temporary files even if an error occurs. 2014-11-07 Nick Clifton <nickc@redhat.com> PR binutils/17531 * readelf.c (get_data): Avoid allocating memory when we know that the read will fail. (find_section_by_type): New function. (get_unwind_section_word): Check for invalid symbol indicies. Check for invalid reloc types. (get_32bit_dynamic_section): Add range checks. (get_64bit_dynamic_section): Add range checks. (process_dynamic_section): Check for a corrupt time value. (process_symbol_table): Add range checks. (dump_section_as_strings): Add string length range checks. (display_tag_value): Likewise. 
(display_arm_attribute): Likewise. (display_gnu_attribute): Likewise. (display_tic6x_attribute): Likewise. (display_msp430x_attribute): Likewise. (process_mips_specific): Add range check. 2014-11-06 Nick Clifton <nickc@redhat.com> PR binutils/17552, binutils/17533 * bucomm.c (is_valid_archive_path): New function. Returns false for absolute pathnames and pathnames that include /../. * bucomm.h (is_valid_archive_path): Add prototype. * ar.c (extract_file): Use new function to check for valid pathnames when extracting files from an archive. * objcopy.c (copy_archive): Likewise. * doc/binutils.texi: Update documentation to mention the limitation on pathname of archive members. 2014-11-05 Nick Clifton <nickc@redhat.com> PR binutils/17531 * readelf.c (printable_section_name): New function. (printable_section_name_from_index): New function. (dump_relocations): Use new function. (process_program_headers, get_32bit_elf_symbols, (get_64bit_elf_symbols, process_section_headers, (process_section_groups, process_relocs, ia64_process_unwind, (hppa_process_unwind, get_unwind_section_word, decode_arm_unwind, (arm_process_unwind, process_version_sections, (process_symbol_table, apply_relocations, get_section_contents, (dump_section_as_strings, dump_section_as_bytes, (display_debug_section, process_attributes, process_mips_specific, (process_mips_specific process_gnu_liblist): Likewise. (get_unwind_section_word): Check for a missing symbol table. Replace aborts with error messages. (arm_process_unwind): Check for a missing string table. (process_attributes): Check for an attribute length that is too small. (process_mips_specific): Check for a corrupt GOT symbol offset. 2014-11-05 Nick Clifton <nickc@redhat.com> PR binutils/17533 * bucomm.c (is_valid_archive_path): New function. * bucomm.h (is_valid_archive_path): Prototype it. * ar.c (extract_file): Call is_valid_archive_path to verify a member filename before extracting it. * objcopy.c (copy_archive): Likewise. 
2014-11-04 Nick Clifton <nickc@redhat.com> PR binutils/17531 * readelf.c (get_data): If the reason parameter is null, do not print any error messages. (get_32bit_section_headers): Verify section header entry size before reading in the section headers. (get_64bit_section_headers): Likewise. (process_section_headers): Pass FALSE to get_section_headers. (get_file_header): Pass TRUE to get_section_headers. (process_dynamic_section): Change an assert to an error message. (process_symbol_table): Handle corrupt histograms. (get_32bit_program_headers): Verify program header entry size before reading in the program headers. (get_64bit_program_headers): Likewise. (get_unwind_section_word): Do nothing if no section was provided. Fail if the offset is outside of the section. (print_dynamic_symbol): Catch out of range symbol indicies. (process_mips_specific): Likewise. (process_attributes): Make sure that there is enough space left in the section before attempting to read the length of the next attribute. 2014-11-03 Nick Clifton <nickc@redhat.com> PR binutils/17512 * objdump.c (slurp_symtab): Fail gracefully if the table could not be read. (dump_relocs_in_section): Likewise. 2014-11-14 Nick Clifton <nickc@redhat.com> PR binutils/17597 * opncls.c (bfd_get_debug_link_info): Avoid reading off the end of the section. (bfd_get_alt_debug_link_info): Likewise. 2014-11-14 Nick Clifton <nickc@redhat.com> PR binutils/17512 * ieee.c (ieee_archive_p) Skip processing if no bytes are read at all. (ieee_object_p): Likewise. 2014-11-13 H.J. Lu <hongjiu.lu@intel.com> * coffcode.h (coff_slurp_line_table): Add cast to unsigned int. 2014-11-13 H.J. Lu <hongjiu.lu@intel.com> * coffcode.h (coff_pointerize_aux_hook): Fix a typo. 2014-11-13 Nick Clifton <nickc@redhat.com> PR binutils/17512 * coffcode.h (coff_ptr_struct): Add is_sym field. (coff_new_section_hook): Set the is_sym field. (coff_pointerize_aux_hook): Check the is_sym field. (coff_print_aux): Likewise. 
(coff_compute_section_file_positions): Likewise. (coff_write_object_contents): Likewise. (coff_slurp_line_table): Likewise. (coff_slurp_symbol_table): Likewise. (CALC_ADDEND): Likewise. * coffgen.c (coff_renumber_symbols): Likewise. (coff_mangle_symbols): Likewise. (coff_fix_symbol_name): Likewise. (coff_write_symbol): Likewise. (coff_write_alien_symbol): Likewise. (coff_write_native_symbol): Likewise. (coff_write_symbols): Likewise. (coff_write_linenumbers): Likewise. (coff_pointerize_aux): Likewise. (coff_get_normalized_symtab): Likewise. (coff_get_symbol_info): Likewise. (bfd_coff_get_syment): Likewise. (bfd_coff_get_auxent): Likewise. (coff_print_symbol): Likewise. (coff_find_nearest_line_with_names): Likewise. (bfd_coff_set_symbol_class): Likewise. (coff_make_empty_symbol): Set the is_sym field. (coff_bfd_make_debug_symbol): Likewise. * peicode.h (pe_ILF_make_a_symbol): Likewise. * libcoff.h: Regenerate. * libcoff-in.h: Regenerate. 2014-11-12 Nick Clifton <nickc@redhat.com> PR binutils/17512 * coffcode.h (coff_slurp_line_table): Set the line number of corrupt entries to -1. (coff_slurp_symbol_table): Alway initialise the value of the symbol. * coffgen.c (coff_print_symbol): Check that the combined pointer is valid. (coff_print_symbol): Do not print negative line numbers. * peXXigen.c (pe_print_idata): Add range checking displaying member names. 2014-11-12 Alan Modra <amodra@gmail.com> PR binutils/17512 * coffcode.h (coff_slurp_line_table): Drop line number info not preceded by a valid function entry. Revert last change. 2014-11-11 Nick Clifton <nickc@redhat.com> PR binutils/17512 * coffcode.h (coff_slurp_line_table): Initialise the parts of the line number cache that would not be initialised by the copy from the new line number table. (coff_classify_symbol): Allow for _bfd_coff_internal_syment_name returning NULL. * coffgen.c (coff_get_normalized_symbols): Get the external symbols before allocating space for the internal symbols, in case the get fails. 
* elf.c (_bfd_elf_slurp_version_tables): Only allocate a verref array if one is needed. Likewise with the verdef array. * peXXigen.c (_bfd_XXi_swap_sym_in): Replace abort()'s with error messages. (_bfd_XXi_swap_aux_in): Make sure that all fields of the aux structure are initialised. (pe_print_edata): Avoid reading off the end of the data buffer. 2014-11-11 Alan Modra <amodra@gmail.com> PR binutils/17512 * coffcode.h (coff_slurp_line_table): Use updated lineno_count when building func_table. 2014-11-11 Alan Modra <amodra@gmail.com> PR binutils/17512 * coffcode.h (coff_slurp_line_table): Don't bfd_zalloc, just memset the particular bits we need. Update src after hitting loop "continue". Don't count lineno omitted due to invalid symbols in nbr_func, and update lineno_count. Init entire terminating lineno. Don't both allocating terminator in n_lineno_cache. Redirect sym->lineno pointer to where n_lineno_cache will be copied, and free n_lineno_cache. * pe-mips.c (NUM_HOWTOS): Typo fix. 2014-11-10 Nick Clifton <nickc@redhat.com> PR binutils/17521 * coff-i386.c (NUM_HOWTOS): New define. (RTYPE2HOWTO): Use it. (coff_i386_rtype_to_howto): Likewise. (coff_i386_reloc_name_lookup): Likewise. (CALC_ADDEND): Check that reloc r_type field is valid. * coff-x86_64.c (NUM_HOWTOS): New define. (RTYPE2HOWTO): Use it. (coff_amd64_rtype_to_howto): Likewise. (coff_amd64_reloc_name_lookup): Likewise. (CALC_ADDEND): Check that reloc r_type field is valid. * coffcode.h (coff_slurp_line_table): Check for symbol table indexing underflow. (coff_slurp_symbol_table): Use zalloc to ensure that all table entries are initialised. * coffgen.c (_bfd_coff_read_string_table): Initialise unused bits in the string table. Also ensure that the table is 0 terminated. (coff_get_normalized_symtab): Check for symbol table indexing underflow. * opncls.c (bfd_alloc): Catch the case where a small negative size can result in only 1 byte being allocated. (bfd_alloc2): Use bfd_alloc. 
* pe-mips.c (NUM_HOWTOS): New define. (coff_mips_reloc_name_lookup): Use it. (CALC_ADDEND): Check that reloc r_type field is valid. * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Initialise unused entries in the DataDirectory. (pe_print_idata): Avoid reading beyond the end of the data block wen printing strings. (pe_print_edata): Likewise. Check for table indexing underflow. * peicode.h (pe_mkobject): Initialise the pe_opthdr field. (pe_bfd_object_p): Allocate and initialize enough space to hold a PEAOUTHDR, even if the opt_hdr field specified less. 2014-11-08 Alan Modra <amodra@gmail.com> * peXXigen.c (pe_print_idata): Revert last patch, cast lhs instead. 2014-11-07 H.J. Lu <hongjiu.lu@intel.com> * peXXigen.c (pe_print_idata): Cast to unsigned long in range checks. 2014-11-07 Alan Modra <amodra@gmail.com> * tekhex.c (tekhex_set_arch_mach): Ignore unknown arch errors. 2014-11-07 Alan Modra <amodra@gmail.com> * tekhex.c (CHUNK_SPAN): Define. (struct data_struct <chunk_init>): Use one byte per span, update all code accessing this field. (find_chunk): Add create param, don't create new entry unless set. (insert_byte): Don't save zeros. (first_phase): Set section SEC_CODE or SEC_DATA flag depending on symbol type. Create an alternate section if both types of symbol are given. Attach type '2' and '6' symbols to absolute section. (move_section_contents): Fix caching of chunk. Don't create chunk when reading, or for writing zeros. (tekhex_set_section_contents): Don't create initial chunks. (tekhex_write_object_contents): Use CHUNK_SPAN. 2014-11-07 Alan Modra <amodra@gmail.com> * aoutx.h (aout_get_external_symbols): Tidy allocation of symbol buffer. 2014-11-07 Alan Modra <amodra@gmail.com> * archive.c (_bfd_slurp_extended_name_table): Revert bfd_get_size check. * coffcode.h (coff_set_alignment_hook): Likewise. (coff_slurp_line_table): Likewise. * coffgen.c (coff_get_normalized_symtab): Likewise. (_bfd_coff_get_external_symbols): Likewise. 
* elf.c (bfd_elf_get_str_section): Likewise. * tekhex.c (first_phase): Likewise. 2014-11-06 Nick Clifton <nickc@redhat.com> * aoutx.h (slurp_symbol_table): Revert previous delta. (slurp_reloc_table): Likewise. * compress.c (bfd_get_full_section_contents): Remove file size test. * coffgen.c (coff_get_normalized_symtab): Allow zero-sized symtabs and do not complain about linker generated files. 2014-11-04 Nick Clifton <nickc@redhat.com> PR binutils/17512 * coffcode.h (handle_COMDAT): Replace abort with BFD_ASSERT. Replace another abort with an error message. (coff_slurp_line_table): Add more range checking. * peXXigen.c (pe_print_debugdata): Add range checking. 2014-11-05 Nick Clifton <nickc@redhat.com> PR binutils/17512 * coffcode.h (coff_set_alignment_hook): Warn if the file lies about the number of relocations it contains. (coff_sort_func_alent): Return 0 if the pointers are NULL. (coff_slurp_line_table): Add more range checks. Do not free new tables created when sorting line numbers. * peXXigen.c (pe_print_idata): Add range checks. (pe_print_edata): Likewise. (rsrc_print_resource_entries): Likewise. Avoid printing control characters. Terminate priniting if corruption is detected. (rsrc_print_resource_directory): Terminate printing if an unknown directory type is encountered. (pe_print_debugdata): Fix off-by-one error. (rsrc_count_entries): Add range checking. (rsrc_parse_entry): Likewise. 2014-11-04 Nick Clifton <nickc@redhat.com> PR binutils/17512 * compress.c (bfd_get_full_section_contents): Improve test for linker created objects. PR binutils/17533 * archive.c (_bfd_slurp_extended_name_table): Handle archives with corrupt extended name tables. 2014-11-03 Nick Clifton <nickc@redhat.com> PR binutils/17512 * aoutx.h (slurp_symbol_table): Check that computed table size is not bigger than the file from which is it being read. (slurp_reloc_table): Likewise. * coffcode.h (coff_slurp_line_table): Remove unneeded local 'warned'. 
Do not try to print the details of a symbol with an invalid index. * coffgen.c (make_a_sectiobn_from_file): Check computed string index against length of string table. (bfd_coff_internal_syment_name): Check read in string offset against length of string table. (build_debug_section): Return a pointer to the section used. (_bfd_coff_read_string_table): Store the length of the string table in the coff_tdata structure. (bfd_coff_free_symbols): Set the length of the string table to zero when it is freed. (coff_get_normalized_symtab): Check offsets against string table or data table lengths as appropriate. * cofflink.c (_bfd_coff_link_input_bfd): Check offset against length of string table. * compress.c (bfd_get_full_section_contents): Check computed size against the size of the file. * libcoff-in.h (obj_coff_strings_len): Define. (struct coff_tdata): Add strings_len field. * libcoff.h: Regenerate. * peXXigen.c (pe_print_debugdata): Do not attempt to print the data if the debug section is too small. * xcofflink.c (xcoff_link_input_bfd): Check offset against length of string table. 2014-10-31 Nick Clifton <nickc@redhat.com> PR binutils/17512 * coffgen.c (_bfd_coff_get_external_symbols): Do not try to load a symbol table bigger than the file. * elf.c (bfd_elf_get_str_section): Do not try to load a string table bigger than the file. * tekhex.c (first_phase): Check that the section range is sane. 
-----------------------------------------------------------------------
Summary of changes:
    bfd/ChangeLog | 282 ++++++++++++
    bfd/aoutx.h | 24 +-
    bfd/archive.c | 5 +-
    bfd/coff-i386.c | 17 +-
    bfd/coff-x86_64.c | 11 +-
    bfd/coffcode.h | 170 +++++---
    bfd/coffgen.c | 168 ++++++--
    bfd/cofflink.c | 5 +-
    bfd/elf.c | 24 +-
    bfd/ieee.c | 6 +-
    bfd/libcoff-in.h | 3 +
    bfd/libcoff.h | 16 +-
    bfd/opncls.c | 41 +-
    bfd/pe-mips.c | 9 +-
    bfd/peXXigen.c | 220 +++++++---
    bfd/peicode.h | 15 +-
    bfd/tekhex.c | 112 +++--
    bfd/xcofflink.c | 5 +-
    binutils/ChangeLog | 199 +++++++++
    binutils/ar.c | 9 +
    binutils/bucomm.c | 26 ++
    binutils/bucomm.h | 12 +-
    binutils/doc/binutils.texi | 3 +-
    binutils/dwarf.c | 209 +++++++---
    binutils/objcopy.c | 23 +-
    binutils/objdump.c | 27 +-
    binutils/rdcoff.c | 9 +-
    binutils/rddbg.c | 40 ++-
    binutils/readelf.c | 1039 ++++++++++++++++++++++++++++++++------------
    binutils/stabs.c | 30 +-
    gas/ChangeLog | 10 +
    gas/config/obj-coff.c | 1 +
    32 files changed, 2109 insertions(+), 661 deletions(-)
fixed a while ago