d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bfd: avoid crash on corrupt binaries

Browse Source 
From binutils commits 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 and
7e1e19887abd24aeb15066b141cdff5541e0ec8e, made available under GPLv2
by Nick Clifton.

PR:		198824
MFC after:	1 week
Security:	CVE-2014-8501
Security:	CVE-2014-8502
This commit is contained in:
Ed Maste 2017-11-23 16:04:52 +00:00
parent bd036e101c
commit b452493a3d
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
contrib/binutils/bfd/peXXigen.c
View File

@ -448,6 +448,17 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
{
int idx;
/* PR 17512: Corrupt PE binaries can cause seg-faults. */
if (a->NumberOfRvaAndSizes > 16)
{
(*_bfd_error_handler)
(_("%B: aout header specifies an invalid number of data-directory entries: %d"),
abfd, a->NumberOfRvaAndSizes);
/* Paranoia: If the number is corrupt, then assume that the
actual entries themselves might be corrupt as well. */
a->NumberOfRvaAndSizes = 0;
}
for (idx = 0; idx < 16; idx++)
{
/* If data directory is empty, rva also should be 0. */
@ -1428,6 +1439,15 @@ pe_print_edata (bfd * abfd, void * vfile)
}
}
/* PR 17512: Handle corrupt PE binaries. */
if (datasize < 36)
{
fprintf (file,
_("\nThere is an export table in %s, but it is too small (%d)\n"),
section->name, (int) datasize);
return TRUE;
}
fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"),
section->name, (unsigned long) addr);