blob: fb9ce90740eed734f72f95e6d3c3e7ae20f2e76f
commit e82ab856bb4689330c29fb9f1c57a8555b26380e
Author: Nick Clifton <nickc@redhat.com>
Date: Thu Dec 1 10:49:39 2016 +0000
Fix a seg-fault disassembling a corrupt binary.
PR binutils/20892
* aoutx.h (find_nearest_line): Handle the case where the function
name is empty.
Upstream-Status: Backport
CVE: CVE-2017-7224
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog 2017-09-04 12:54:37.513859864 +0530
+++ git/bfd/ChangeLog 2017-09-04 13:00:22.891753836 +0530
@@ -120,6 +120,10 @@
* peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
the end of the string buffer.
+ PR binutils/20892
+ * aoutx.h (find_nearest_line): Handle the case where the function
+ name is empty.
+
2016-08-02 Nick Clifton <nickc@redhat.com>
PR ld/17739
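Review bot: The new ChangeLog entry is added without a date and author header of its own, so it is appended to the tail of the block that ends with the peicode.h item, directly above the "2016-08-02 Nick Clifton" header. As placed, the PR binutils/20892 item reads as part of that earlier block rather than as the 2016-12-01 change named in the commit header. Consider giving it its own "2016-12-01  Nick Clifton  <nickc@redhat.com>" header line, or dropping the ChangeLog hunk from the backport if the target tree's ChangeLog layout differs from upstream.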
Index: git/bfd/aoutx.h
===================================================================
--- git.orig/bfd/aoutx.h 2017-09-04 12:54:35.957851411 +0530
+++ git/bfd/aoutx.h 2017-09-04 12:57:50.634902163 +0530
@@ -2819,6 +2819,13 @@
const char *function = func->name;
char *colon;
+ if (buf == NULL)
+ {
+ /* PR binutils/20892: In a corrupt input file func can be empty. */
+ * functionname_ptr = NULL;
+ return TRUE;
+ }
+
/* The caller expects a symbol name. We actually have a
function name, without the leading underscore. Put the
underscore back in, so that the caller gets a symbol name. */
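Review bot: The guard tests `buf == NULL`, but the comment inside it and the ChangeLog text both describe the function name in `func` being empty, and nothing in this hunk shows how `buf` depends on `func->name`. Please have the comment say why `buf` is NULL in that case, so the check can be verified against the allocation code outside the hunk. Also note that the early exit returns TRUE with `*functionname_ptr` set to NULL, so every caller of find_nearest_line has to accept a NULL function name on a successful return; it is worth confirming that the disassembler paths that hit this on corrupt input do so. Minor style point: `* functionname_ptr = NULL;` has a space between the `*` and the identifier, which differs from the usual `*functionname_ptr`.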