[Bug binutils/22385] Integer overflow in coff_get_normalized_symtab
https://sourceware.org/bugzilla/show_bug.cgi?id=22385

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Mingi,

Thanks for another bug report and patch!

I have applied the patch, but I also decided that a second check, in _bfd_coff_get_external_symbols, was also a good idea, so I have added that as well.

Cheers
Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
[Bug binutils/22385] Integer overflow in coff_get_normalized_symtab
https://sourceware.org/bugzilla/show_bug.cgi?id=22385

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca

commit 6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca
Author: Nick Clifton
Date:   Fri Nov 3 11:55:21 2017 +

    Fix excessive memory allocation attempts and possible integer overflows when attempting to read a COFF binary with a corrupt symbol count.

    PR 22385
    * coffgen.c (_bfd_coff_get_external_symbols): Check for an overlarge raw syment count.
    (coff_get_normalized_symtab): Likewise.
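One way to reject an overlarge raw symbol count before allocating, shown as an added example that is not the binutils patch or code from this thread. It assumes a little-endian COFF file header (20 bytes, f_symptr at offset 8, f_nsyms at offset 12) and 18-byte symbol entries; the function names and the sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define COFF_FILHSZ 20u  /* on-disk size of the COFF file header */
#define COFF_SYMESZ 18u  /* on-disk size of one raw symbol table entry */

/* Read a little-endian 32-bit field (little-endian target assumed). */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* What a 32-bit size computation yields for this symbol count. */
static uint32_t wrapped_size32(uint32_t nsyms)
{
    return nsyms * COFF_SYMESZ;  /* unsigned arithmetic: wraps modulo 2^32 */
}

/* Return 1 and store the table size if the symbol table described by the
   header lies inside a file of file_size bytes, 0 if the count is corrupt. */
static int coff_symtab_fits(const unsigned char *hdr, uint64_t file_size,
                            uint64_t *table_bytes)
{
    if (file_size < COFF_FILHSZ)
        return 0;
    uint32_t symptr = le32(hdr + 8);   /* f_symptr: file offset of the table */
    uint32_t nsyms  = le32(hdr + 12);  /* f_nsyms: raw symbol entry count */
    if (symptr > file_size)
        return 0;
    /* Divide rather than multiply so the comparison itself cannot wrap. */
    if (nsyms > (file_size - symptr) / COFF_SYMESZ)
        return 0;
    *table_bytes = (uint64_t)nsyms * COFF_SYMESZ;
    return 1;
}

/* Constructed headers: only f_symptr (100) and f_nsyms are filled in. */
static const unsigned char HDR_OK[COFF_FILHSZ] = { [8] = 100, [12] = 10 };
static const unsigned char HDR_CORRUPT[COFF_FILHSZ] = { [8] = 100, [12] = 0x8f, 0xe3, 0x38, 0x0e };

int main(void)
{
    uint64_t n = 0;
    printf("valid header fits in 280 bytes: %d\n", coff_symtab_fits(HDR_OK, 280, &n));
    printf("corrupt header fits in 4096 bytes: %d (32-bit size wraps to %u)\n",
           coff_symtab_fits(HDR_CORRUPT, 4096, &n), (unsigned)wrapped_size32(0x0e38e38fu));
    return 0;
}
```

The corrupt count is chosen so that a 32-bit multiplication wraps to a small number, which is why the check compares the count against the bytes remaining in the file instead of testing the product.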
[Bug binutils/22386] Integer overflow in print_debug_frame ()
https://sourceware.org/bugzilla/show_bug.cgi?id=22386

--- Comment #1 from cvs-commit at gcc dot gnu.org ---
The master branch has been updated by Nick Clifton:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d

commit bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d
Author: Nick Clifton
Date:   Fri Nov 3 13:57:15 2017 +

    Fix integer overflow problems when reading an ELF binary with corrupt augmentation data.

    PR 22386
    * dwarf.c (read_cie): Use bfd_size_type for augmentation_data_len.
    (display_augmentation_data): New function.
    (display_debug_frames): Use it.  Check for integer overflow when testing augmentation_data_len.
[Bug binutils/22386] Integer overflow in print_debug_frame ()
https://sourceware.org/bugzilla/show_bug.cgi?id=22386

Nick Clifton changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |nickc at redhat dot com
         Resolution|---                         |FIXED

--- Comment #2 from Nick Clifton ---
Hi Mingi,

Thanks for the bug report. I was unable to reproduce the exact failure that you reported, but I did find something similar. The patch you have supplied does help, but I also found that there was a problem trying to read a 64-bit LEB128-encoded value into a 32-bit variable. So I have extended the patch to cover that.

Cheers
Nick

PS. You might find it interesting to create some test binaries with very large LEB128 values in them (more than 128 bits say) and see how the various tools in the binutils suite cope with them.
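A sketch of an unsigned LEB128 reader that reports values too wide for 64 bits and refuses to narrow a decoded value into 32 bits without a range check, the two cases raised in the comment above. This is an added example, not the binutils code or the applied patch; the names `read_uleb128`, `read_uleb128_u32` and `leb_status` are hypothetical and the input bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

enum leb_status { LEB_OK, LEB_TRUNCATED, LEB_OVERFLOW };
/* Decode one ULEB128 value from [p, end); always consumes the whole encoding. */
static enum leb_status read_uleb128(const unsigned char *p, const unsigned char *end,
                                    uint64_t *value, size_t *consumed)
{
    const unsigned char *start = p;
    enum leb_status st = LEB_OK;
    uint64_t result = 0;
    unsigned shift = 0;
    while (p < end) {
        unsigned char byte = *p++;
        uint64_t bits = byte & 0x7f;
        if (shift < 64) {
            if (((bits << shift) >> shift) != bits) st = LEB_OVERFLOW; /* bits lost off the top */
            result |= bits << shift;
            shift += 7;
        } else if (bits != 0) {
            st = LEB_OVERFLOW;              /* payload beyond bit 63 */
        }
        if ((byte & 0x80) == 0) {           /* final byte of the encoding */
            *value = result;
            *consumed = (size_t)(p - start);
            return st;
        }
    }
    return LEB_TRUNCATED;                   /* buffer ended mid-value */
}

/* Narrow to 32 bits only after a range check, never by plain assignment. */
static enum leb_status read_uleb128_u32(const unsigned char *p, const unsigned char *end,
                                        uint32_t *out, size_t *consumed)
{
    uint64_t wide = 0;
    enum leb_status st = read_uleb128(p, end, &wide, consumed);
    if (st == LEB_OK && wide > UINT32_MAX) st = LEB_OVERFLOW;
    if (st == LEB_OK) *out = (uint32_t)wide;
    return st;
}

int main(void)
{
    /* Constructed input: 2^32 as ULEB128, one more than 32 bits can hold. */
    const unsigned char enc[] = { 0x80, 0x80, 0x80, 0x80, 0x10 };
    uint32_t v = 0;
    size_t n = 0;
    printf("status=%d\n", read_uleb128_u32(enc, enc + sizeof enc, &v, &n));
    return 0;
}
```

Because the reader consumes the entire encoding even when it overflows, a caller can report the bad value and continue at the next field rather than parsing from the middle of an oversized number.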
[Bug admin/22393] New: Add read-only segment
https://sourceware.org/bugzilla/show_bug.cgi?id=22393

            Bug ID: 22393
           Summary: Add read-only segment
           Product: binutils
           Version: 2.30 (HEAD)
            Status: NEW
          Severity: normal
          Priority: P2
         Component: admin
          Assignee: unassigned at sourceware dot org
          Reporter: hjl.tools at gmail dot com
  Target Milestone: ---

We currently put read-only sections in read-execute segment:

[hjl@gnu-ivb-1 gcc]$ readelf -lW /bin/ls

Elf file type is DYN (Shared object file)
Entry point 0x51c0
There are 9 program headers, starting at offset 64

Program Headers:
  Type           Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
  PHDR           0x40 0x0040 0x0040 0x0001f8 0x0001f8 R E 0x8
  INTERP         0x000238 0x0238 0x0238 0x1c 0x1c R 0x1
      [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
  LOAD           0x00 0x 0x 0x01d84c 0x01d84c R E 0x20
  LOAD           0x01dfd0 0x0021dfd0 0x0021dfd0 0x001278 0x002418 RW 0x20
  DYNAMIC        0x01ea18 0x0021ea18 0x0021ea18 0x0001e0 0x0001e0 RW 0x8
  NOTE           0x000254 0x0254 0x0254 0x44 0x44 R 0x4
  GNU_EH_FRAME   0x01a1f4 0x0001a1f4 0x0001a1f4 0x000824 0x000824 R 0x4
  GNU_STACK      0x00 0x 0x 0x00 0x00 RW 0x10
  GNU_RELRO      0x01dfd0 0x0021dfd0 0x0021dfd0 0x001030 0x001030 R 0x1

 Section to Segment mapping:
  Segment Sections...
   00
   01     .interp
   02     .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .init .plt .plt.got .text .fini .rodata .eh_frame_hdr .eh_frame
   03     .init_array .fini_array .data.rel.ro .dynamic .got .data .bss
   04     .dynamic
   05     .note.ABI-tag .note.gnu.build-id
   06     .eh_frame_hdr
   07
   08     .init_array .fini_array .data.rel.ro .dynamic .got
[hjl@gnu-ivb-1 gcc]$

I'd like to add a read-only segment for read-only sections to prevent executing data in read-only sections as instructions.
[Bug ld/22393] Add read-only segment
https://sourceware.org/bugzilla/show_bug.cgi?id=22393

H.J. Lu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|admin                       |ld
[Bug ld/22394] New: hppa-linux-ld fails to emit dynamic relocations on function pointer initialization
https://sourceware.org/bugzilla/show_bug.cgi?id=22394

            Bug ID: 22394
           Summary: hppa-linux-ld fails to emit dynamic relocations on function pointer initialization
           Product: binutils
           Version: 2.30 (HEAD)
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ld
          Assignee: unassigned at sourceware dot org
          Reporter: amodra at gmail dot com
  Target Milestone: ---

gcc -mfast-indirect-calls emits a function pointer initialization without a P% (plabel) modifier. ld does not create the necessary dynamic relocations for this to work.

$ cat funcp.c
extern void foo(void);
void (*fp)(void) = foo;
int main()
{
  fp();
  return 0;
}
$ cat funcpdef.c
void foo(void) {}
$ gcc -shared -o funcpdef.so funcpdef.c
$ gcc -o funcp funcp.c funcpdef.so -Wl,-rpath=.
$ ./funcp
$ gcc -o funcp funcp.c funcpdef.so -Wl,-rpath=. -mfast-indirect-calls
$ ./funcp
Segmentation fault (core dumped)
[Bug ld/22394] hppa-linux-ld fails to emit dynamic relocations on function pointer initialization
https://sourceware.org/bugzilla/show_bug.cgi?id=22394

Alan Modra changed:

           What    |Removed                          |Added
----------------------------------------------------------------------------
             Status|NEW                              |ASSIGNED
                 CC|                                 |danglin at gcc dot gnu.org
           Assignee|unassigned at sourceware dot org |amodra at gmail dot com
[Bug ld/22394] hppa-linux-ld fails to emit dynamic relocations on function pointer initialization
https://sourceware.org/bugzilla/show_bug.cgi?id=22394

Alan Modra changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Target|                            |hppa-linux-gnu