[Bug binutils/21786] Stack-buffer-overflow in {coff,coff64}-rs6000.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21786

--- Comment #3 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=29866fa186ee3ebda5242221607dba360b2e541e

commit 29866fa186ee3ebda5242221607dba360b2e541e
Author: Nick Clifton
Date:   Wed Jul 19 11:07:43 2017 +0100

    Fix address violation when attempting to read a corrupt field in a COFF
    archive header structure.

            PR 21786
            * coff-rs6000.c (_bfd_strntol): New function.
            (_bfd_strntoll): New function.
            (GET_VALUE_IN_FIELD): New macro.
            (EQ_VALUE_IN_FIELD): new macro.
            (_bfd_xcoff_slurp_armap): Use new macros.
            (_bfd_xcoff_archive_p): Likewise.
            (_bfd_xcoff_read_ar_hdr): Likewise.
            (_bfd_xcoff_openr_next_archived_file): Likewise.
            (_bfd_xcoff_stat_arch_elt): Likewise.

--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug binutils/21786] Stack-buffer-overflow in {coff,coff64}-rs6000.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21786

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #4 from Nick Clifton ---
Hi Ned,

  Thanks for reporting this bug.  Unfortunately the patch you proposed
will not work as the numeric strings in the archive header structure are
not guaranteed to be NUL terminated.  In fact the specification explicitly
states:

  16 Archive Member Headers

  Each member (linker, longnames, or object-file member) is preceded by a
  header.  An archive member header has the following format, in which each
  field is an ASCII text string that is left justified and padded with
  spaces to the end of the field.  There is no terminating null character
  in any of these fields.

This is from "Microsoft Portable Executable and Common Object File Format
Specification Revision 8.3 – February 6, 2013"

So whilst there *might* be a space at the end of the field there definitely
will not be a NUL character.  The alternative is to copy the field into a
NUL terminated buffer before attempting to parse it, and this is what I have
done with the patch recently committed.  As a bonus I also fixed up the
places where strtoll (instead of strtol) should have been used to read 20
character numeric values.

Cheers
  Nick
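The approach Nick describes (copy the fixed-width, unterminated field into a NUL-terminated scratch buffer, then call strtol or strtoll) written out as an added C example; this is not BFD's own code, and field_to_long, field_to_llong and the sample header are hypothetical:

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Archive member header fields are ASCII digits, left justified and space
 * padded, with no terminating NUL (PE/COFF spec, "Archive Member Headers").
 * Handing such a field straight to strtol() lets the parser run past the
 * field into whatever follows it; for the last field of a stack-held header
 * that is the stack.  The hypothetical helpers below (not BFD's own
 * _bfd_strntol/_bfd_strntoll) copy the field into a NUL-terminated scratch
 * buffer first, so parsing can never leave the field. */

#define MAX_FIELD_LEN 20   /* widest numeric field in a big-format XCOFF header */

static long field_to_long(const char *field, size_t len, int base)
{
    char buf[MAX_FIELD_LEN + 1];
    if (len > MAX_FIELD_LEN)
        len = MAX_FIELD_LEN;           /* clamp so buf itself cannot overflow */
    memcpy(buf, field, len);
    buf[len] = '\0';                   /* guarantee termination before parsing */
    return strtol(buf, NULL, base);
}

static long long field_to_llong(const char *field, size_t len, int base)
{
    char buf[MAX_FIELD_LEN + 1];
    if (len > MAX_FIELD_LEN)
        len = MAX_FIELD_LEN;
    memcpy(buf, field, len);
    buf[len] = '\0';
    return strtoll(buf, NULL, base);   /* 20-digit values do not fit a 32-bit long */
}

/* Constructed header: digit-filled fields packed back to back with no NUL,
 * ended by the "`\n" magic that ar-style headers carry after the last field. */
struct sample_hdr { char size[12]; char nxtmem[20]; char fmag[2]; };
static const struct sample_hdr hdr = { "000000000042", "00000000000000000128", "`\n" };

/* The unsafe pattern: strtol() on the size field (offset 0 of the header)
 * keeps consuming digits out of nxtmem, so the value overflows. */
long naive_size(void)
{
    errno = 0;
    long v = strtol((const char *)&hdr, NULL, 10);
    return errno == ERANGE ? -1 : v;   /* overflow is reported as -1 */
}

long safe_size(void)        { return field_to_long(hdr.size, sizeof hdr.size, 10); }
long long safe_nxtmem(void) { return field_to_llong(hdr.nxtmem, sizeof hdr.nxtmem, 10); }
```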
[Bug binutils/21786] Stack-buffer-overflow in {coff,coff64}-rs6000.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21786

--- Comment #5 from Ned Williamson ---
Hi Nick, thanks for the great patch! It's much better than the suggested one.
Thank you for pointing out the specification. I did see a crash in
coff64-rs6000 as well, so that may need to use the new safe functions.
[Bug binutils/21787] Heap-use-after-free in bfd_cache_close
https://sourceware.org/bugzilla/show_bug.cgi?id=21787

--- Comment #2 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=909e4e716c4d77e33357bbe9bc902bfaf2e1af24

commit 909e4e716c4d77e33357bbe9bc902bfaf2e1af24
Author: Nick Clifton
Date:   Wed Jul 19 14:49:12 2017 +0100

    Fix use-after-free error when parsing a corrupt nested archive.

            PR 21787
            * archive.c (bfd_generic_archive_p): If the bfd does not have the
            correct magic bytes at the start, set the error to wrong format
            and clear the format selector before returning NULL.
[Bug binutils/21787] Heap-use-after-free in bfd_cache_close
https://sourceware.org/bugzilla/show_bug.cgi?id=21787

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #3 from Nick Clifton ---
Hi Ned,

  Thanks for reporting this bug.  The problem is an interesting one because
the code is actually set up to prevent the use-after-free from happening.
In the normal course of events when an element of an archive is no longer
needed and the memory is freed, all pointers to it will be tidied away.
But in this case, because the archive is corrupt, the wrong set of memory
releasing functions are being used and the pointers are not tidied away.
Later on, when another element is freed, the stale pointer is encountered
and the bug triggered.

  I have checked in a patch to fix the problem.  It makes the test for a
genuine archive be more aggressive when it signals that an archive is
corrupt, forcing the format matching mechanism to declare it as
unrecognised long before it can cause any memory corruption.

Cheers
  Nick
[Bug binutils/20755] readelf: DWARF-5 support
https://sourceware.org/bugzilla/show_bug.cgi?id=20755

Ben Woodard changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |woodard at redhat dot com
[Bug binutils/21786] Stack-buffer-overflow in {coff,coff64}-rs6000.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21786

--- Comment #6 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c4e7b6bfbc4679f695106de2817ecf02b27c8be

commit 6c4e7b6bfbc4679f695106de2817ecf02b27c8be
Author: Nick Clifton
Date:   Wed Jul 19 16:14:02 2017 +0100

    Extend previous fix to coff-rs6000.c to coff64-rs6000.c

            PR 21786
            * coff64-rs6000.c (_bfd_strntol): New function.
            (_bfd_strntoll): New function.
            (GET_VALUE_IN_FIELD): New macro.
            (xcoff64_slurp_armap): Use new macros.
[Bug binutils/21786] Stack-buffer-overflow in {coff,coff64}-rs6000.c
https://sourceware.org/bugzilla/show_bug.cgi?id=21786

--- Comment #7 from Nick Clifton ---
Hi Ned,

> I did see a crash in coff64-rs6000 as well, so that may need to use the new
> safe functions.

Ah - thanks for pointing that out.  I have now checked in an additional
patch to cover coff64-rs6000.c.

Cheers
  Nick
[Bug ld/18841] Data relocations with IFUNC symbols can lead to segfault
https://sourceware.org/bugzilla/show_bug.cgi?id=18841

--- Comment #10 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Szabolcs Nagy :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2e6a8430e72d58e70efbb32dc3953d5cf33

commit f2e6a8430e72d58e70efbb32dc3953d5cf33
Author: Szabolcs Nagy
Date:   Tue Jul 4 15:43:59 2017 +0100

    [AArch64] Fix PR18841 ifunc relocation ordering

    In order to get the ifunc relocs properly sorted the correct class
    needs to be returned.  The code mimics what has been done for x86.

    Fixes
    FAIL: Run pr18841 with libpr18841c.so

    bfd/
            PR ld/18841
            * elfnn-aarch64.c (elfNN_aarch64_reloc_type_class): Return
            reloc_class_ifunc for ifunc symbols.
[Bug binutils/21739] Inconsistent diagnostics
https://sourceware.org/bugzilla/show_bug.cgi?id=21739

--- Comment #1 from Roland Illig ---
The word "reigster" contains a typo.
[Bug ld/13813] ld-mips-elf/comm-data.exp failures for mipsisa32r2el-unknown-linux-gnu
https://sourceware.org/bugzilla/show_bug.cgi?id=13813

Maciej W. Rozycki changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |ma...@linux-mips.org
         Resolution|---                         |FIXED

--- Comment #3 from Maciej W. Rozycki ---
Long fixed.
[Bug ld/16656] mipsisa32r2el-unknown-linux-gnu testsuite failures
https://sourceware.org/bugzilla/show_bug.cgi?id=16656

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Maciej W. Rozycki :

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2018ef80ae7ebbe410aed0e30367fca27e3eb2d8

commit 2018ef80ae7ebbe410aed0e30367fca27e3eb2d8
Author: Maciej W. Rozycki
Date:   Thu Jul 20 00:39:57 2017 +0100

    PR ld/16656: Add missing annotation to the relevant ChangeLog entries

    Add PR ld/16656 annotation to ChangeLog entries for commit 9a0f1d5099fa
    ("LD/testsuite: Conditionalize the placement of `.dynamic' in GNU_RELRO")
    and commit ("LD/testsuite: Conditionalize the placement of `.got' in
    GNU_RELRO").
[Bug ld/16656] mipsisa32r2el-unknown-linux-gnu testsuite failures
https://sourceware.org/bugzilla/show_bug.cgi?id=16656

Maciej W. Rozycki changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |ma...@linux-mips.org
         Resolution|---                         |FIXED

--- Comment #2 from Maciej W. Rozycki ---
Fixed.