[Bug binutils/17531] readelf crashes on fuzzed samples
https://sourceware.org/bugzilla/show_bug.cgi?id=17531

--- Comment #95 from cvs-commit at gcc dot gnu.org ---
The binutils-2_25-branch branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1dead8aee09e9ba148f6f44040122f62b5e4acea

commit 1dead8aee09e9ba148f6f44040122f62b5e4acea
Author: Nick Clifton
Date: Tue Mar 24 10:30:34 2015 +

Import security fixes for readelf from the master branch:

2015-02-26 Nick Clifton

PR binutils/17512
* readelf.c (process_corefile_note_segment): Check for inote.descdata extending beyond the end of the section.
  (process_v850_notes): Likewise.

2015-02-24 Mike Frysinger

PR binutils/17531
* readelf.c (process_symbol_table): Declare chained. Increment it in every loop. Abort when chained is larger than nchains. Move error check outside of chain loop.

2015-02-10 Nick Clifton

PR binutils/17531
* readelf.c (dump_relocations): Handle printing offsets which are MIN_INT.
  (process_corefile_note_segment): Add range check of the namesz field.

2015-02-06 Nick Clifton

* readelf.c (process_mips_specific): Fail if an option has an invalid size.

2015-02-03 Nick Clifton

PR binutils/17531
* readelf.c (get_data): Change parameter types from size_t to bfd_size_type. Add checks for loss of accuracy when casting from bfd_size_type to size_t.
  (get_dynamic_data): Likewise.
  (process_section_groups): Limit number of error messages.

2015-01-05 Nick Clifton

* readelf.c (slurp_ia64_unwind_table): Warn if the reloc could not be identified.
  (dynamic_section_mips_val): Warn if the timestamp is invalid.
  (print_mips_got_entry): Add a data_end parameter. Warn if a read would go beyond the end of the data, and return an error value.
  (process_mips_specific): Do not read options from beyond the end of the section. Correct code to display optional data at the end of an option. Warn if there are too many GOT symbols. Update calls to print_mips_got_entry, and handle error returns.

2014-12-08 Nick Clifton

PR binutils/17531
* readelf.c (dump_ia64_unwind): Add range checks.
  (slurp_ia64_unwind_table): Change to a boolean function. Add range checks.
  (process_version_sections): Add range checks.
  (get_symbol_version_string): Add check for missing section headers.

2014-12-03 Nick Clifton

PR binutils/17531
* readelf.c (get_machine_flags): Replace call to abort with a warning message and a return value.
  (get_elf_section_flags): Likewise.
  (get_symbol_visibility): Likewise.
  (get_ia64_symbol_other): Likewise.
  (get_ia64_symbol_other): Likewise.
  (is_32bit_abs_reloc): Likewise.
  (apply_relocations): Likewise.
  (display_arm_attribute): Likewise.

2014-12-01 Nick Clifton

PR binutils/17512
* dwarf.h (struct dwarf_section): Add user_data field.
* dwarf.c (frame_need_space): Check for an over large register number.
  (display_debug_frames): Check the return value from frame_need_space. Check for a CFA expression that is so long the start address wraps around.
  (debug_displays): Initialise the user_data field.
* objdump.c (load_specific_debug_section): Save the BFD section pointer in the user_data field of the dwarf_section structure.
  (free_debug_section): Update BFD section data when freeing section contents.
* readelf.c (load_specific_debug_section): Initialise the user_data field.

2014-12-01 Nick Clifton

PR binutils/17531
* readelf.c (process_archive): Add range checks.

2014-11-28 Alan Modra

* readelf.c (get_32bit_elf_symbols): Cast bfd_size_type values to unsigned long for %lx.
  (get_64bit_elf_symbols, process_section_groups): Likewise.

2014-11-27 Espen Grindhaug Nick Clifton

PR binutils/17531
* readelf.c (get_data): Move excessive length check to earlier on in the function and allow for wraparound in the arithmetic.
  (get_32bit_elf_symbols): Terminate early if the section size is zero. Check for an invalid sh_entsize. Check for an index section with an invalid size.
  (get_64bit_elf_symbols): Likewise.
  (process_section_groups): Check for an invalid sh_entsize.

2014-11-21 Nick Clifton

PR binutils/17531
* readelf.c (process_version_sections): Prevent an infinite loop processing corrupt version need data.
  (process_corefile_note_segment): Handle corrupt notes.

2014-11-18 Nic

[Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #218 from cvs-commit at gcc dot gnu.org ---
The binutils-2_25-branch branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1dead8aee09e9ba148f6f44040122f62b5e4acea

commit 1dead8aee09e9ba148f6f44040122f62b5e4acea
Author: Nick Clifton
Date: Tue Mar 24 10:30:34 2015 +

Import security fixes for readelf from the master branch:

2015-02-26 Nick Clifton

PR binutils/17512
* readelf.c (process_corefile_note_segment): Check for inote.descdata extending beyond the end of the section.
  (process_v850_notes): Likewise.

2015-02-24 Mike Frysinger

PR binutils/17531
* readelf.c (process_symbol_table): Declare chained. Increment it in every loop. Abort when chained is larger than nchains. Move error check outside of chain loop.

2015-02-10 Nick Clifton

PR binutils/17531
* readelf.c (dump_relocations): Handle printing offsets which are MIN_INT.
  (process_corefile_note_segment): Add range check of the namesz field.

2015-02-06 Nick Clifton

* readelf.c (process_mips_specific): Fail if an option has an invalid size.

2015-02-03 Nick Clifton

PR binutils/17531
* readelf.c (get_data): Change parameter types from size_t to bfd_size_type. Add checks for loss of accuracy when casting from bfd_size_type to size_t.
  (get_dynamic_data): Likewise.
  (process_section_groups): Limit number of error messages.

2015-01-05 Nick Clifton

* readelf.c (slurp_ia64_unwind_table): Warn if the reloc could not be identified.
  (dynamic_section_mips_val): Warn if the timestamp is invalid.
  (print_mips_got_entry): Add a data_end parameter. Warn if a read would go beyond the end of the data, and return an error value.
  (process_mips_specific): Do not read options from beyond the end of the section. Correct code to display optional data at the end of an option. Warn if there are too many GOT symbols. Update calls to print_mips_got_entry, and handle error returns.

2014-12-08 Nick Clifton

PR binutils/17531
* readelf.c (dump_ia64_unwind): Add range checks.
  (slurp_ia64_unwind_table): Change to a boolean function. Add range checks.
  (process_version_sections): Add range checks.
  (get_symbol_version_string): Add check for missing section headers.

2014-12-03 Nick Clifton

PR binutils/17531
* readelf.c (get_machine_flags): Replace call to abort with a warning message and a return value.
  (get_elf_section_flags): Likewise.
  (get_symbol_visibility): Likewise.
  (get_ia64_symbol_other): Likewise.
  (get_ia64_symbol_other): Likewise.
  (is_32bit_abs_reloc): Likewise.
  (apply_relocations): Likewise.
  (display_arm_attribute): Likewise.

2014-12-01 Nick Clifton

PR binutils/17512
* dwarf.h (struct dwarf_section): Add user_data field.
* dwarf.c (frame_need_space): Check for an over large register number.
  (display_debug_frames): Check the return value from frame_need_space. Check for a CFA expression that is so long the start address wraps around.
  (debug_displays): Initialise the user_data field.
* objdump.c (load_specific_debug_section): Save the BFD section pointer in the user_data field of the dwarf_section structure.
  (free_debug_section): Update BFD section data when freeing section contents.
* readelf.c (load_specific_debug_section): Initialise the user_data field.

2014-12-01 Nick Clifton

PR binutils/17531
* readelf.c (process_archive): Add range checks.

2014-11-28 Alan Modra

* readelf.c (get_32bit_elf_symbols): Cast bfd_size_type values to unsigned long for %lx.
  (get_64bit_elf_symbols, process_section_groups): Likewise.

2014-11-27 Espen Grindhaug Nick Clifton

PR binutils/17531
* readelf.c (get_data): Move excessive length check to earlier on in the function and allow for wraparound in the arithmetic.
  (get_32bit_elf_symbols): Terminate early if the section size is zero. Check for an invalid sh_entsize. Check for an index section with an invalid size.
  (get_64bit_elf_symbols): Likewise.
  (process_section_groups): Check for an invalid sh_entsize.

2014-11-21 Nick Clifton

PR binutils/17531
* readelf.c (process_version_sections): Prevent an infinite loop processing corrupt version need data.
  (process_corefile_note_segment): Handle corrupt notes.

2014-11-18 Ni

[Bug gold/18147] gold should not issue relocation overflow error with --unresolved-symbols=ignore-all
https://sourceware.org/bugzilla/show_bug.cgi?id=18147

Alan Modra changed:

What       | Removed                   | Added
Status     | NEW                       | RESOLVED
Resolution | ---                       | FIXED
Assignee   | ccoutant at google dot com | amodra at gmail dot com

--- Comment #7 from Alan Modra ---
Fixed with commit 282c9750

--
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils

[Bug binutils/17531] readelf crashes on fuzzed samples
https://sourceware.org/bugzilla/show_bug.cgi?id=17531

--- Comment #96 from cvs-commit at gcc dot gnu.org ---
The binutils-2_25-branch branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=304a2b6fe67786b45889a784bf71aabf2a9d26fd

commit 304a2b6fe67786b45889a784bf71aabf2a9d26fd
Author: Nick Clifton
Date: Tue Mar 24 11:31:37 2015 +

Import fixes for invalid memory access issues in the binutils DWARF parser from the trunk sources.

PR binutils/17512
* dwarf.c (display_debug_loc): Pacify the undefined behaviour sanitizer by simplifying address difference calculation.
  (struct Frame_Chunk): Change type of cfa_offset to dwarf_vma in order to avoid arithmetic overflows.
  (frame_display_row): Cast cfa_offset before printing it.
  (display_debug_frames): Likewise. Check for an unexpected segment size. Change type of 'l' local to dwarf_vma and cast it back to an int when printing.
  (process_cu_tu_index): Tighten check for an invalid ncols value.
* readelf.c (process_corefile_note_segment): Check for inote.descdata extending beyond the end of the section.
  (process_v850_notes): Likewise.

2015-02-13 Nick Clifton

PR binutils/17512
* dwarf.c (read_leb128): Fix test for shift becoming too large.

PR binutils/17531
* dwarf.c (display_debug_aranges): Add check for an excessive ar_length value.
  (process_cu_tu_index): Check for a row * columns sum being too large.

2015-02-13 Alan Modra

* dwarf.c: Formatting, whitespace.
  (process_debug_info): Style fix.

2015-02-11 Nick Clifton

PR binutils/17531
* dwarf.c (display_debug_pubnames_worker): Work around compiler bug checking address ranges.
  (display_debug_frames): Likewise.
  (display_gdb_index): Likewise.
  (process_cu_tu_index): Add range check on the ncols value.

2015-02-10 Nick Clifton

PR binutils/17512
* dwarf.c (eh_addr_size): Use an unsigned type.
  (size_of_encoded_value): Return an unsigned type.
  (read_leb128): Break if the shift becomes too big.
  (process_extended_line_op): Do not read the address if the length is too long.
  (read_cie): Warn and fail if the pointer size or segment size are too big.
* dwarf.h (DWARF2_External_LineInfo): Delete unused and incorrect structure definition.
  (DWARF2_External_PubNames): Likewise.
  (DWARF2_External_CompUnit): Likewise.
  (DWARF2_External_ARange): Likewise.
  (DWARF2_Internal_LineInfo): Use dwarf_vma type for li_prologue_length.
  (eh_addr_size): Update prototype.

PR binutils/17531
* dwarf.c (process_debug_info): Zero the debug information array since correct initialisation cannot be relied upon.
  (process_cu_tu_index): Improve range checks.

PR binutils/17531
* dwarf.c (display_debug_pubnames_worker): Use dwarf_vma type for offset.

2015-02-06 Nick Clifton

PR binutils/17512
* dwarf.c (display_debug_frames): Fix range checks to work on 32-bit binaries compiled on a 64-bit host.

PR binutils/17531
* dwarf.c (xcmalloc): Fail if the arguments are too big.
  (xcrealloc): Likewise.
  (xcalloc2): Likewise.
* readelf.c (process_mips_specific): Fail if an option has an invalid size.

2015-02-05 Alan Modra

PR binutils/17926
* dwarf.c (dwarf_select_sections_by_letters): Don't refer to optarg.

2015-02-04 Nick Clifton

PR binutils/17531
* dwarf.c (read_and_display_attr_value): Test for a block length being so long that it wraps around to before the start of the block.
  (process_debug_info): Test for section_begin wrapping around to before the start of the section.
  (display_gdb_index): Test for num_cus being so large that the end address wraps around to before the start of the section.
  (process_cu_tu_index): Test for j being so large that the section index pool wraps around to before the start of the section.

2015-02-03 Nick Clifton

PR binutils/17531
* dwarf.c (process_debug_info): Add range check.
  (display_debug_pubnames_worker): Likewise.
  (display_gdb_index): Fix range check.
  (process_cu_tu_index): Add range check.
* readelf.c (get_data): Change parameter types from size_t to bfd_size_type. Add checks for loss of accuracy when casting from bfd_size_type to size_t.
  (get_dynamic_data): Likewise.
  (process_section_groups): Limit number of error messages.

2015-01-12 H.J. Lu

* dwarf.c (process_debug_info): Properly check abbrev size.

2015-0

[Bug binutils/17926] Explicit #include "getopt.h" to make opt* visible in binutils/dwarf.c
https://sourceware.org/bugzilla/show_bug.cgi?id=17926

--- Comment #3 from cvs-commit at gcc dot gnu.org ---
The binutils-2_25-branch branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=304a2b6fe67786b45889a784bf71aabf2a9d26fd

commit 304a2b6fe67786b45889a784bf71aabf2a9d26fd
Author: Nick Clifton
Date: Tue Mar 24 11:31:37 2015 +

Import fixes for invalid memory access issues in the binutils DWARF parser from the trunk sources.

PR binutils/17512
* dwarf.c (display_debug_loc): Pacify the undefined behaviour sanitizer by simplifying address difference calculation.
  (struct Frame_Chunk): Change type of cfa_offset to dwarf_vma in order to avoid arithmetic overflows.
  (frame_display_row): Cast cfa_offset before printing it.
  (display_debug_frames): Likewise. Check for an unexpected segment size. Change type of 'l' local to dwarf_vma and cast it back to an int when printing.
  (process_cu_tu_index): Tighten check for an invalid ncols value.
* readelf.c (process_corefile_note_segment): Check for inote.descdata extending beyond the end of the section.
  (process_v850_notes): Likewise.

2015-02-13 Nick Clifton

PR binutils/17512
* dwarf.c (read_leb128): Fix test for shift becoming too large.

PR binutils/17531
* dwarf.c (display_debug_aranges): Add check for an excessive ar_length value.
  (process_cu_tu_index): Check for a row * columns sum being too large.

2015-02-13 Alan Modra

* dwarf.c: Formatting, whitespace.
  (process_debug_info): Style fix.

2015-02-11 Nick Clifton

PR binutils/17531
* dwarf.c (display_debug_pubnames_worker): Work around compiler bug checking address ranges.
  (display_debug_frames): Likewise.
  (display_gdb_index): Likewise.
  (process_cu_tu_index): Add range check on the ncols value.

2015-02-10 Nick Clifton

PR binutils/17512
* dwarf.c (eh_addr_size): Use an unsigned type.
  (size_of_encoded_value): Return an unsigned type.
  (read_leb128): Break if the shift becomes too big.
  (process_extended_line_op): Do not read the address if the length is too long.
  (read_cie): Warn and fail if the pointer size or segment size are too big.
* dwarf.h (DWARF2_External_LineInfo): Delete unused and incorrect structure definition.
  (DWARF2_External_PubNames): Likewise.
  (DWARF2_External_CompUnit): Likewise.
  (DWARF2_External_ARange): Likewise.
  (DWARF2_Internal_LineInfo): Use dwarf_vma type for li_prologue_length.
  (eh_addr_size): Update prototype.

PR binutils/17531
* dwarf.c (process_debug_info): Zero the debug information array since correct initialisation cannot be relied upon.
  (process_cu_tu_index): Improve range checks.

PR binutils/17531
* dwarf.c (display_debug_pubnames_worker): Use dwarf_vma type for offset.

2015-02-06 Nick Clifton

PR binutils/17512
* dwarf.c (display_debug_frames): Fix range checks to work on 32-bit binaries compiled on a 64-bit host.

PR binutils/17531
* dwarf.c (xcmalloc): Fail if the arguments are too big.
  (xcrealloc): Likewise.
  (xcalloc2): Likewise.
* readelf.c (process_mips_specific): Fail if an option has an invalid size.

2015-02-05 Alan Modra

PR binutils/17926
* dwarf.c (dwarf_select_sections_by_letters): Don't refer to optarg.

2015-02-04 Nick Clifton

PR binutils/17531
* dwarf.c (read_and_display_attr_value): Test for a block length being so long that it wraps around to before the start of the block.
  (process_debug_info): Test for section_begin wrapping around to before the start of the section.
  (display_gdb_index): Test for num_cus being so large that the end address wraps around to before the start of the section.
  (process_cu_tu_index): Test for j being so large that the section index pool wraps around to before the start of the section.

2015-02-03 Nick Clifton

PR binutils/17531
* dwarf.c (process_debug_info): Add range check.
  (display_debug_pubnames_worker): Likewise.
  (display_gdb_index): Fix range check.
  (process_cu_tu_index): Add range check.
* readelf.c (get_data): Change parameter types from size_t to bfd_size_type. Add checks for loss of accuracy when casting from bfd_size_type to size_t.
  (get_dynamic_data): Likewise.
  (process_section_groups): Limit number of error messages.

2015-01-12 H.J. Lu

* dwarf.c (process_debug_info): Properly check abbrev size.

2015-01

[Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #219 from cvs-commit at gcc dot gnu.org ---
The binutils-2_25-branch branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=304a2b6fe67786b45889a784bf71aabf2a9d26fd

commit 304a2b6fe67786b45889a784bf71aabf2a9d26fd
Author: Nick Clifton
Date: Tue Mar 24 11:31:37 2015 +

Import fixes for invalid memory access issues in the binutils DWARF parser from the trunk sources.

PR binutils/17512
* dwarf.c (display_debug_loc): Pacify the undefined behaviour sanitizer by simplifying address difference calculation.
  (struct Frame_Chunk): Change type of cfa_offset to dwarf_vma in order to avoid arithmetic overflows.
  (frame_display_row): Cast cfa_offset before printing it.
  (display_debug_frames): Likewise. Check for an unexpected segment size. Change type of 'l' local to dwarf_vma and cast it back to an int when printing.
  (process_cu_tu_index): Tighten check for an invalid ncols value.
* readelf.c (process_corefile_note_segment): Check for inote.descdata extending beyond the end of the section.
  (process_v850_notes): Likewise.

2015-02-13 Nick Clifton

PR binutils/17512
* dwarf.c (read_leb128): Fix test for shift becoming too large.

PR binutils/17531
* dwarf.c (display_debug_aranges): Add check for an excessive ar_length value.
  (process_cu_tu_index): Check for a row * columns sum being too large.

2015-02-13 Alan Modra

* dwarf.c: Formatting, whitespace.
  (process_debug_info): Style fix.

2015-02-11 Nick Clifton

PR binutils/17531
* dwarf.c (display_debug_pubnames_worker): Work around compiler bug checking address ranges.
  (display_debug_frames): Likewise.
  (display_gdb_index): Likewise.
  (process_cu_tu_index): Add range check on the ncols value.

2015-02-10 Nick Clifton

PR binutils/17512
* dwarf.c (eh_addr_size): Use an unsigned type.
  (size_of_encoded_value): Return an unsigned type.
  (read_leb128): Break if the shift becomes too big.
  (process_extended_line_op): Do not read the address if the length is too long.
  (read_cie): Warn and fail if the pointer size or segment size are too big.
* dwarf.h (DWARF2_External_LineInfo): Delete unused and incorrect structure definition.
  (DWARF2_External_PubNames): Likewise.
  (DWARF2_External_CompUnit): Likewise.
  (DWARF2_External_ARange): Likewise.
  (DWARF2_Internal_LineInfo): Use dwarf_vma type for li_prologue_length.
  (eh_addr_size): Update prototype.

PR binutils/17531
* dwarf.c (process_debug_info): Zero the debug information array since correct initialisation cannot be relied upon.
  (process_cu_tu_index): Improve range checks.

PR binutils/17531
* dwarf.c (display_debug_pubnames_worker): Use dwarf_vma type for offset.

2015-02-06 Nick Clifton

PR binutils/17512
* dwarf.c (display_debug_frames): Fix range checks to work on 32-bit binaries compiled on a 64-bit host.

PR binutils/17531
* dwarf.c (xcmalloc): Fail if the arguments are too big.
  (xcrealloc): Likewise.
  (xcalloc2): Likewise.
* readelf.c (process_mips_specific): Fail if an option has an invalid size.

2015-02-05 Alan Modra

PR binutils/17926
* dwarf.c (dwarf_select_sections_by_letters): Don't refer to optarg.

2015-02-04 Nick Clifton

PR binutils/17531
* dwarf.c (read_and_display_attr_value): Test for a block length being so long that it wraps around to before the start of the block.
  (process_debug_info): Test for section_begin wrapping around to before the start of the section.
  (display_gdb_index): Test for num_cus being so large that the end address wraps around to before the start of the section.
  (process_cu_tu_index): Test for j being so large that the section index pool wraps around to before the start of the section.

2015-02-03 Nick Clifton

PR binutils/17531
* dwarf.c (process_debug_info): Add range check.
  (display_debug_pubnames_worker): Likewise.
  (display_gdb_index): Fix range check.
  (process_cu_tu_index): Add range check.
* readelf.c (get_data): Change parameter types from size_t to bfd_size_type. Add checks for loss of accuracy when casting from bfd_size_type to size_t.
  (get_dynamic_data): Likewise.
  (process_section_groups): Limit number of error messages.

2015-01-12 H.J. Lu

* dwarf.c (process_debug_info): Properly check abbrev size.

2015-

[Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #220 from cvs-commit at gcc dot gnu.org ---
The binutils-2_25-branch branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4f9583e9c45482e111d30f94df650a3f2cf36b99

commit 4f9583e9c45482e111d30f94df650a3f2cf36b99
Author: Nick Clifton
Date: Tue Mar 24 12:25:25 2015 +

Import fixes from trunk sources to correct invalid memory access issues with various binutils programs.

Apply from master:

2015-02-26 Nick Clifton

PR binutils/17512
* coffgrok.c (do_type): Check for an out of range tag index. Check for integer overflow computing array dimension.
  (do_define): Likewise.

2015-02-26 Nick Clifton

PR binutils/17512
* resrc.c (write_rc_messagetable): Tighten check for invalid message lengths.

2015-02-13 Nick Clifton

* coffgrok.c (do_define): Add check for type size overflow.
* srconv.c (walk_tree_sfile): Check that enough sections are available before parsing.
  (prescan): Likewise.

2015-02-03 Nick Clifton

PR binutils/17512
* objdump.c (display_any_bfd): Fail if archives nest too deeply.

2015-01-27 Nick Clifton

PR binutils/17512
* dlltool.c (identify_search_archive): If the last archive was the same as the current archive, terminate the loop.
* addr2line.c (slurp_symtab): If the symcount is zero, free the symbol table pointer.
* rcparse.y: Add checks to avoid integer divide by zero.
* rescoff.c (read_coff_rsrc): Add check on the size of the resource section.
  (read_coff_res_dir): Add check on the nesting level. Check for resource names overrunning the buffer.
* resrc.c (write_rc_messagetable): Update formatting. Add check of 'elen' being zero.

2015-01-23 Nick Clifton

* nlmconv.c (powerpc_mangle_relocs): Fix build errors introduced by recent delta, when compiling on for a 32-bit host.

2015-01-21 Nick Clifton

PR binutils/17512
* addr2line.c (main): Call bfd_set_error_program_name.
* ar.c (main): Likewise.
* coffdump.c (main): Likewise.
* cxxfilt.c (main): Likewise.
* dlltool.c (main): Likewise.
* nlmconv.c (main): Likewise.
* nm.c (main): Likewise.
* objdump.c (main): Likewise.
* size.c (main): Likewise.
* srconv.c (main): Likewise.
* strings.c (main): Likewise.
* sysdump.c (main): Likewise.
* windmc.c (main): Likewise.
* windres.c (main): Likewise.
* objcopy.c (main): Likewise.
  (copy_relocations_in_section): Check for relocs without associated symbol pointers.

2015-01-21 Nick Clifton

PR binutils/17512
* coffgrok.c (do_type): Check that computed ref exists.
  (doit): Add range checks when computing section for scope.

2015-01-08 Nick Clifton

PR binutils/17512
* ojcopy.c (copy_object): Free the symbol table if no symbols could be loaded.
  (copy_file): Use bfd_close_all_done to close files that could not be copied.
* sysdump.c (getINT): Fail if reading off the end of the buffer. Replace call to abort with a call to fatal.
  (getCHARS): Prevent reading off the end of the buffer.
* nlmconv.c (i386_mangle_relocs): Skip relocs without an associated symbol.
  (powerpc_mangle_relocs): Skip unrecognised relocs. Check address range before applying a reloc.

2015-01-07 Nick Clifton

PR binutils/17512
* dlltool.c (scan_obj_file): Break loop if the last archive displayed matches the current archive.
* objdump.c (display_any_bfd): Add a depth limit to nested archive display in order to avoid infinite loops.
* srconv.c: Replace calls to abort with calls to fatal with an error message.

2015-01-06 Nick Clifton

PR binutils/17512
* coffdump.c (dump_coff_section): Check for a symbol being available before printing its name.
  (main): Check the return value from coff_grok.
* coffgrok.c: Reformat and tidy. Add range checks to most functions.
  (coff_grok): Return NULL if the input bfd is not in a COFF format.
* coffgrok.h: Reformat and tidy.
  (struct coff_section): Change the nrelocs field to unsigned.
* srconv.c (main): Check the return value from coff_grok.

2015-01-05 Nick Clifton

PR binutils/17512
* nm.c (print_symbol): Add 'is_synthetic' parameter. Use it to help initialize the info.elfinfo field.
  (print_size_symbols): Add 'synth_count' parameter. Use it to set the is_synthetic parameter when calling print_sym

[Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #221 from cvs-commit at gcc dot gnu.org ---
The binutils-2_25-branch branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a57494b3cf09162ed556f4d1da2bd77d2acc4e4

commit 7a57494b3cf09162ed556f4d1da2bd77d2acc4e4
Author: Nick Clifton
Date: Tue Mar 24 16:32:44 2015 +

Import fixes from mainline that address illegal memory accesses when working with COFF/PE based files.

Apply from master:

2015-02-26 Nick Clifton

PR binutils/17512
* coffcode.h (coff_compute_section_file_positions): Report negative page sizes.

2015-02-10 Nick Clifton

PR binutils/17512
* coffcode.h (styp_to_sec_flags): Use an unsigned long type to hold the flag bits.

2015-02-06 Nick Clifton

PR binutils/17512
* peXXigen.c (rsrc_print_resource_entries): Add range check for addresses that wrap around the address space.
  (rsrc_parse_entry): Likewise.

2015-02-03 Nick Clifton

PR binutils/17512
* ecoff.c: Use bfd_alloc2 to allocate space for structure arrays.
  (_bfd_ecoff_slurp_symbol_table): Check for a negative symbol index or an out of range fdr index.
* peXXigen.c (pe_print_edata): Check for numeric overflow in edt fields.

2015-01-22 Nick Clifton

PR binutils/17512
* coffcode.h (handle_COMDAT): When searching for the section symbol, make sure that there is space left in the symbol table.

2015-01-21 Nick Clifton

PR binutils/17512
* coffcode.h (coff_set_arch_mach_hook): Check return value from bfd_malloc.
  (coff_slurp_line_table): Return FALSE if the line number information was corrupt.
  (coff_slurp_symbol_table): Return FALSE if the symbol information was corrupt.
* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Set bfd_error if the read fails.
  (slurp_symtab): Check the return from bfd_malloc.
  (_bfd_XX_bfd_copy_private_bfd_data_common): Fail if the copy encountered an error.
  (_bfd_XXi_final_link_postscript): Fail if a section could not be copied.
* peicode.h (pe_bfd_object_p): Fail if the header could not be swapped in.

2015-01-08 Nick Clifton

PR binutils/17512
* coffcode.h (coff_slurp_symbol_table): Return false if we failed to load the line table.

2015-01-06 Nick Clifton

PR binutils/17512
* coff-i860.c (CALC_ADDEND): Always set an addend value.

2014-11-27 Nick Clifton

PR binutils/17512
* ecoff.c (_bfd_ecoff_slurp_symbol_table): Warn about and correct a discrepancy between the isymMax and ifdMax values in the symbolic header.

2014-11-26 Nick Clifton

PR binutils/17512
* coff-h8300.c (rtype2howto): Replace abort with returning a NULL value.
* coff-h8500.c (rtype2howto): Likewise.
* coff-tic30.c (rtype2howto): Likewise.
* coff-z80.c (rtype2howto): Likewise.
* coff-z8k.c (rtype2howto): Likewise.
* coff-ia64.c (RTYPE2HOWTO): Always return a valid howto.
* coff-m68k.c (m68k_rtype2howto): Return a NULL howto if none could be found.
* coff-mcore.c (RTYPE2HOWTO): Add range checking.
* coff-w65.c (rtype2howto): Likewise.
* coff-we32k.c (RTYPE2HOWTO): Likewise.
* pe-mips.c (RTYPE2HOWTO): Likewise.
* coff-x86_64.c (coff_amd64_reloc): Likewise. Replace abort with an error return.
* coffcode.h (coff_slurp_reloc_table): Allow the rel parameter to be unused.
* coffgen.c (make_a_section_from_file): Check the length of a section name before testing to see if it is a debug section name.
  (coff_object_p): Zero out any uninitialised bytes in the opt header.
* ecoff.c (_bfd_ecoff_slurp_symbolic_info): Test for the raw source being empty when there are values to be processed.
  (_bfd_ecoff_slurp_symbol_table): Add range check.

2014-11-21 Nick Clifton

PR binutils/17512
* coffgen.c (coff_get_normalized_symtab): Check for an excessive number of auxiliary entries.

2014-11-21 Alexander Cherepanov

PR binutils/17512
* coffgen.c (_bfd_coff_read_string_table): Test allocation of string table before clearing the first few bytes.

[Bug binutils/17512] libbfd/binutils: crashes on fuzzed samples
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

--- Comment #222 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fc42baf3cdc41bc8cf12e35ae78e4529c1470118

commit fc42baf3cdc41bc8cf12e35ae78e4529c1470118
Author: Nick Clifton
Date: Tue Mar 24 17:20:00 2015 +

Fixes a bug introduced by the new range checks on COFF symbol tables.

PR binutils/17512
* coffgen.c (coff_get_normalized_symtab): Fix test for out of range auxiliary sections.

[Bug binutils/18087] objcopy --compress-debug-sections can produce broken debug sections in PE binaries
https://sourceware.org/bugzilla/show_bug.cgi?id=18087

--- Comment #13 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by H.J. Lu:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d00121477371cfd1596118af062fe6ff4e263b7

commit 8d00121477371cfd1596118af062fe6ff4e263b7
Author: H.J. Lu
Date: Tue Mar 24 13:27:52 2015 -0700

Don't write the zlib header if not used

No need to write the zlib header if compression didn't make the section smaller.

PR binutils/18087
* compress.c (bfd_compress_section_contents): Don't write the zlib header and set contents as well as compress_status if compression didn't make the section smaller.
  (bfd_init_section_compress_status): Don't check compression size here.

[Bug binutils/18087] objcopy --compress-debug-sections can produce broken debug sections in PE binaries
https://sourceware.org/bugzilla/show_bug.cgi?id=18087

--- Comment #14 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by H.J. Lu:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b422eb499be2858969fb7723b4e4e08cab20fcdc

commit b422eb499be2858969fb7723b4e4e08cab20fcdc
Author: H.J. Lu
Date: Tue Mar 24 19:06:22 2015 -0700

Don't write the zlib header if not used

No need to write the zlib header if compression didn't make the section smaller.

PR gas/18087
* write.c (compress_debug): Don't write the zlib header if compression didn't make the section smaller.

[Bug ld/18160] Segmentation Fault in lang_gc_sections when linking elf_x86_64 output
https://sourceware.org/bugzilla/show_bug.cgi?id=18160

Matt Ickstadt changed:

What | Removed | Added
CC   |         | matthew.ickstadt at gmail dot com

[Bug ld/18160] New: Segmentation Fault in lang_gc_sections when linking elf_x86_64 output
https://sourceware.org/bugzilla/show_bug.cgi?id=18160

Bug ID: 18160
Summary: Segmentation Fault in lang_gc_sections when linking elf_x86_64 output
Product: binutils
Version: 2.26 (HEAD)
Status: NEW
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: matthew.ickstadt at gmail dot com

OS: Linux 3.16.0 x86_64 Ubuntu 14.10

Confirmed issue with HEAD (a25d8bf9c5b2c9d3671f4508c9132485c65c3773) and with 2.24.90

Linking together a few NASM-assembled objects and a rust-compiled lib with the command:

ld-new --gc-sections -m elf_x86_64 -T link.ld -o bin/kernel.elf arch/x86_64/asm/multiboot.o arch/x86_64/asm/idt.o arch/x86_64/asm/runtime.o arch/x86_64/asm/gdt.o bin/libkernel.a

It links fine with -m elf_i386 and only crashes for elf_x86_64.

Here's a backtrace:

#0 0x00482fb5 in elf_i386_gc_sweep_hook (abfd=0x1391750, info=0x7befc0 , sec=0x13b6a98, relocs=) at elf32-i386.c:1958
#1 0x00472cae in elf_gc_sweep (info=0x7befc0 , abfd=0x136de20) at elflink.c:12210
#2 bfd_elf_gc_sections (abfd=0x136de20, info=0x7befc0 ) at elflink.c:12472
#3 0x004147df in lang_gc_sections () at ldlang.c:6408
#4 lang_process () at ldlang.c:6727
#5 0x004039e7 in main (argc=13, argv=0x7fff8eebea98) at ./ldmain.c:418

It's interesting that it's still using elf_i386 functions for a 64-bit binary, but that could be normal for all I know.

I can attach objects/source/core if needed.

[Bug ld/18160] Segmentation Fault in lang_gc_sections when linking elf_x86_64 output
https://sourceware.org/bugzilla/show_bug.cgi?id=18160

Matt Ickstadt changed:

What   | Removed                           | Added
Target |                                   | elf_x86_64
CC     | matthew.ickstadt at gmail dot com |
Host   |                                   | linux x86_64
Build  |                                   | HEAD