bug-binutils

[Bug binutils/17531] readelf -a crashes on fuzzed samples


From: cvs-commit at gcc dot gnu.org
Subject: [Bug binutils/17531] readelf -a crashes on fuzzed samples
Date: Thu, 27 Nov 2014 15:51:01 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=17531

--- Comment #44 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, master has been updated
       via  c9c1d674406c5fff9d2f2ea771e4288cb6bf4e5a (commit)
      from  3a1cfc456f3b3f422b7c6c0d63891b015ea234b9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c9c1d674406c5fff9d2f2ea771e4288cb6bf4e5a

commit c9c1d674406c5fff9d2f2ea771e4288cb6bf4e5a
Author: Espen Grindhaug <address@hidden>
Date:   Thu Nov 27 15:49:23 2014 +0000

    Fixes an infinite loop in readelf parsing a corrupt binary, and other minor corrections.

        PR binutils/17531
        * readelf.c (get_data): Move excessive length check to earlier on
        in the function and allow for wraparound in the arithmetic.
        (get_32bit_elf_symbols): Terminate early if the section size is
        zero.  Check for an invalid sh_entsize.  Check for an index
        section with an invalid size.
        (get_64bit_elf_symbols): Likewise.
        (process_section_groups): Check for an invalid sh_entsize.

-----------------------------------------------------------------------

Summary of changes:
 binutils/ChangeLog |   12 +++++++
 binutils/readelf.c |   88 ++++++++++++++++++++++++++++++++++++++++------------
 2 files changed, 80 insertions(+), 20 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
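
The two kinds of check named in the ChangeLog above (a length check that allows for wraparound in the arithmetic, and early termination or rejection on a zero section size or invalid sh_entsize), sketched as an added example. This is not the binutils code: the helper names and the exact rejection rules are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Naive check: size * nmemb and the addition can both wrap past 2^64. */
static int naive_in_file(uint64_t file_size, uint64_t offset,
                         uint64_t size, uint64_t nmemb)
{
    return offset + size * nmemb <= file_size;
}

/* Hypothetical helper, not readelf's get_data(): 1 when the region
   [offset, offset + size * nmemb) lies inside the file.  No product or
   sum is formed, so nothing can wrap.  */
static int region_in_file(uint64_t file_size, uint64_t offset,
                          uint64_t size, uint64_t nmemb)
{
    if (offset > file_size)
        return 0;
    if (size == 0 || nmemb == 0)
        return 1;                     /* empty read */
    return nmemb <= (file_size - offset) / size;
}

/* Hypothetical helper: validate a symbol table section header and report
   the entry count.  Returns 1 on success, 0 on a corrupt header.  The
   exact rejection rules are this example's assumption.  */
static int symtab_entries(uint64_t file_size, uint64_t sh_offset,
                          uint64_t sh_size, uint64_t sh_entsize,
                          uint64_t *count)
{
    *count = 0;
    if (sh_size == 0)
        return 1;                     /* nothing to read: stop early */
    if (sh_entsize == 0 || sh_entsize > sh_size || sh_size % sh_entsize != 0)
        return 0;
    if (!region_in_file(file_size, sh_offset, 1, sh_size))
        return 0;
    *count = sh_size / sh_entsize;
    return 1;
}

int main(void)
{
    /* Constructed header values: 0x10 * 2^60 wraps to 0.  */
    uint64_t huge = 0x1000000000000000ULL, n;
    printf("naive=%d safe=%d\n", naive_in_file(4096, 0x40, 0x10, huge),
           region_in_file(4096, 0x40, 0x10, huge));
    int ok = symtab_entries(4096, 0x100, 48, 24, &n);
    printf("ok=%d n=%llu\n", ok, (unsigned long long)n);
    return 0;
}
```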


