darlinghq/darling-gdb
1
0
Fork 0
mirror of https://github.com/darlinghq/darling-gdb.git synced 2024-11-24 12:39:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix a seg-fault in strings and other binutuils when parsing a corrupt PE

Browse Source 
executable with an invalid value in the NumberOfRvaAndSizes field of the
AOUT header.

	PR binutils/17512
	* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries
	with an invalid value for NumberOfRvaAndSizes.
This commit is contained in:
Nick Clifton 2014-10-27 14:45:06 +00:00
parent 493a33860c
commit 7e1e19887a
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bfd/ChangeLog
View File

@ -1,5 +1,9 @@
2014-10-27 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Handle corrupt binaries
with an invalid value for NumberOfRvaAndSizes.
PR binutils/17510
* elf.c (setup_group): Improve handling of corrupt group
sections.

12
bfd/peXXigen.c
View File

@ -504,6 +504,18 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
{
int idx;
/* PR 17512: Corrupt PE binaries can cause seg-faults. */
if (a->NumberOfRvaAndSizes > 16)
{
(*_bfd_error_handler)
(_("%B: aout header specifies an invalid number of data-directory entries: %d"),
abfd, a->NumberOfRvaAndSizes);
/* Paranoia: If the number is corrupt, then assume that the
actual entries themselves might be corrupt as well. */
a->NumberOfRvaAndSizes = 0;
}
for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++)
{
/* If data directory is empty, rva also should be 0. */