[binutils-gdb] PR25961, buffer overflow in coff_swap_aux_in

[binutils-gdb] PR25961, buffer overflow in coff_swap_aux_in

[gdb-buildbot]

*** TEST RESULTS FOR COMMIT 4d5acb1ea570f04f8020338bad6918dfe76b785c ***

commit 4d5acb1ea570f04f8020338bad6918dfe76b785c
Author:     Alan Modra <amodra@gmail.com>
AuthorDate: Mon May 11 18:00:31 2020 +0930
Commit:     Alan Modra <amodra@gmail.com>
CommitDate: Mon May 11 18:11:26 2020 +0930

    PR25961, buffer overflow in coff_swap_aux_in
    
            PR 25961
            * coffgen.c (coff_get_normalized_symtab): Check that buffer
            contains required number of auxents before processing any auxent.
            * coffswap.h (coff_swap_aux_in <C_FILE>): Only swap in extended
            file name from auxents for PE.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 19ecf89292..38ff45537b 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,11 @@
+2020-05-11  Alan Modra  <amodra@gmail.com>
+
+	PR 25961
+	* coffgen.c (coff_get_normalized_symtab): Check that buffer
+	contains required number of auxents before processing any auxent.
+	* coffswap.h (coff_swap_aux_in <C_FILE>): Only swap in extended
+	file name from auxents for PE.
+
 2020-05-04  Gunther Nikl  <gnikl@justmail.de>
 
 	* aout-cris.c (DEFAULT_ARCH): Delete define.
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index 6d84d51284..96140e0ad2 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1818,6 +1818,13 @@ coff_get_normalized_symtab (bfd *abfd)
       symbol_ptr = internal_ptr;
       internal_ptr->is_sym = TRUE;
 
+      /* PR 17512: Prevent buffer overrun.  */
+      if (symbol_ptr->u.syment.n_numaux > (raw_end - raw_src) / symesz)
+	{
+	  bfd_release (abfd, internal);
+	  return NULL;
+	}
+
       for (i = 0;
 	   i < symbol_ptr->u.syment.n_numaux;
 	   i++)
@@ -1825,13 +1832,6 @@ coff_get_normalized_symtab (bfd *abfd)
 	  internal_ptr++;
 	  raw_src += symesz;
 
-	  /* PR 17512: Prevent buffer overrun.  */
-	  if (raw_src >= raw_end || internal_ptr >= internal_end)
-	    {
-	      bfd_release (abfd, internal);
-	      return NULL;
-	    }
-
 	  bfd_coff_swap_aux_in (abfd, (void *) raw_src,
 				symbol_ptr->u.syment.n_type,
 				symbol_ptr->u.syment.n_sclass,
diff --git a/bfd/coffswap.h b/bfd/coffswap.h
index 7c0be22107..f75001e0d2 100644
--- a/bfd/coffswap.h
+++ b/bfd/coffswap.h
@@ -399,7 +399,7 @@ coff_swap_aux_in (bfd *abfd,
 #if FILNMLEN != E_FILNMLEN
 #error we need to cope with truncating or extending FILNMLEN
 #else
-	  if (numaux > 1)
+	  if (numaux > 1 && coff_data (abfd)->pe)
 	    {
 	      if (indx == 0)
 		memcpy (in->x_file.x_fname, ext->x_file.x_fname,

Failures on Fedora-i686, branch master

[gdb-buildbot]

Buildername:
        Fedora-i686

Worker:
        fedora-x86-64-4

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/18/builds/3079

Author:
        Alan Modra <amodra@gmail.com>

Commit tested:
        4d5acb1ea570f04f8020338bad6918dfe76b785c

Subject of commit:
        PR25961, buffer overflow in coff_swap_aux_in

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Fedora-i686/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c/

*** Diff to previous build ***
==============================================
PASS -> FAIL: gdb.fortran/vla-sizeof.exp: print sizeof non-allocated indexed vla1
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 10: break at break_fn: 1
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 10: break at break_fn: 2
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 10: break at break_fn: 3
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 7: break at break_fn: 1
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 7: break at break_fn: 2
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 7: break at break_fn: 3
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 7: detach
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 7: reset timer in the inferior
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 8: break at break_fn: 1
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 8: break at break_fn: 2
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 8: break at break_fn: 3
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 8: detach
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 8: reset timer in the inferior
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 9: break at break_fn: 1
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 9: break at break_fn: 2
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 9: break at break_fn: 3
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 9: detach
PASS -> FAIL: gdb.threads/attach-many-short-lived-threads.exp: iter 9: reset timer in the inferior
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Fedora-i686/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Fedora-i686/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.table.gz>

Failures on Fedora-x86_64-cc-with-index, branch master

[gdb-buildbot]

Buildername:
        Fedora-x86_64-cc-with-index

Worker:
        fedora-x86-64-3

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/20/builds/3028

Author:
        Alan Modra <amodra@gmail.com>

Commit tested:
        4d5acb1ea570f04f8020338bad6918dfe76b785c

Subject of commit:
        PR25961, buffer overflow in coff_swap_aux_in

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Fedora-x86_64-cc-with-index/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c/

*** Diff to previous build ***
==============================================
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 3rd stop: print i
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 3rd stop: print j
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: single_scope: first thread: print i3
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-cc-with-index/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-cc-with-index/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.table.gz>

Failures on Fedora-x86_64-m32, branch master

[gdb-buildbot]

Buildername:
        Fedora-x86_64-m32

Worker:
        fedora-x86-64-4

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/17/builds/3074

Author:
        Alan Modra <amodra@gmail.com>

Commit tested:
        4d5acb1ea570f04f8020338bad6918dfe76b785c

Subject of commit:
        PR25961, buffer overflow in coff_swap_aux_in

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Fedora-x86_64-m32/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c/

*** Diff to previous build ***
==============================================
PASS -> KFAIL: gdb.threads/non-ldr-exit.exp: program exits normally
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-m32/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-m32/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.table.gz>

Failures on Fedora-x86_64-native-extended-gdbserver-m32, branch master

[gdb-buildbot]

Buildername:
        Fedora-x86_64-native-extended-gdbserver-m32

Worker:
        fedora-x86-64-4

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/4/builds/2969

Author:
        Alan Modra <amodra@gmail.com>

Commit tested:
        4d5acb1ea570f04f8020338bad6918dfe76b785c

Subject of commit:
        PR25961, buffer overflow in coff_swap_aux_in

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-extended-gdbserver-m32/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c/

*** Diff to previous build ***
==============================================
PASS -> FAIL: gdb.multi/multi-re-run.exp: re_run_inf=2: iter=1: continue until exit
PASS -> FAIL: gdb.multi/multi-re-run.exp: re_run_inf=2: iter=1: print re_run_var_2
new UNRESOLVED: gdb.multi/multi-re-run.exp: re_run_inf=2: iter=2: delete all breakpoints in delete_breakpoints
PASS -> UNRESOLVED: gdb.multi/multi-re-run.exp: re_run_inf=2: iter=2: setting breakpoint at all_started
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-extended-gdbserver-m32/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-extended-gdbserver-m32/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.table.gz>

Failures on Fedora-x86_64-native-extended-gdbserver-m64, branch master

[gdb-buildbot]

Buildername:
        Fedora-x86_64-native-extended-gdbserver-m64

Worker:
        fedora-x86-64-3

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/2/builds/2971

Author:
        Alan Modra <amodra@gmail.com>

Commit tested:
        4d5acb1ea570f04f8020338bad6918dfe76b785c

Subject of commit:
        PR25961, buffer overflow in coff_swap_aux_in

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-extended-gdbserver-m64/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c/

*** Diff to previous build ***
==============================================
FAIL -> UNRESOLVED: gdb.threads/fork-plus-threads.exp: detach-on-fork=off: inferior 1 exited
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: multi_scope: second thread: print i02
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: multi_scope: second thread: print i12
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: multi_scope: second thread: print i22
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_func: 1st call: 2nd thread: print k
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_func: 1st call: 2nd thread: print r
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_func: 1st call: 2nd thread: print z
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 3rd stop: print i
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 3rd stop: print j
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: single_scope: second thread: print i3
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-extended-gdbserver-m64/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-extended-gdbserver-m64/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.table.gz>

Failures on Fedora-x86_64-native-gdbserver-m32, branch master

[gdb-buildbot]

Buildername:
        Fedora-x86_64-native-gdbserver-m32

Worker:
        fedora-x86-64-4

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/24/builds/2983

Author:
        Alan Modra <amodra@gmail.com>

Commit tested:
        4d5acb1ea570f04f8020338bad6918dfe76b785c

Subject of commit:
        PR25961, buffer overflow in coff_swap_aux_in

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-gdbserver-m32/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c/

*** Diff to previous build ***
==============================================
PASS -> KFAIL: gdb.threads/process-dies-while-handling-bp.exp: non_stop=off: cond_bp_target=0: inferior 1 exited
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-gdbserver-m32/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-gdbserver-m32/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.table.gz>

Failures on Fedora-x86_64-native-gdbserver-m64, branch master

[gdb-buildbot]

Buildername:
        Fedora-x86_64-native-gdbserver-m64

Worker:
        fedora-x86-64-3

Full Build URL:
	https://gdb-buildbot.osci.io/#builders/22/builds/2981

Author:
        Alan Modra <amodra@gmail.com>

Commit tested:
        4d5acb1ea570f04f8020338bad6918dfe76b785c

Subject of commit:
        PR25961, buffer overflow in coff_swap_aux_in

Testsuite logs (gdb.sum, gdb.log and others):
        https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-gdbserver-m64/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c/

*** Diff to previous build ***
==============================================
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 3rd stop: print i
PASS -> KFAIL: gdb.threads/omp-par-scope.exp: nested_parallel: inner_threads: 3rd stop: print j
==============================================

*** Complete list of XFAILs for this builder ***

To obtain the list of XFAIL tests for this builder, go to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-gdbserver-m64/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.gz>

You can also see a pretty-printed version of the list, with more information
about each XFAIL, by going to:

        <https://gdb-buildbot.osci.io/results/Fedora-x86_64-native-gdbserver-m64/4d/4d5acb1ea570f04f8020338bad6918dfe76b785c//xfail.table.gz>