public inbox for gdb-testers@sourceware.org
help / color / mirror / Atom feed
From: gdb-buildbot@sergiodj.net
To: gdb-testers@sourceware.org
Subject: [binutils-gdb] som: Don't loop forever reading symbol chains
Date: Tue, 14 Jan 2020 10:51:00 -0000 [thread overview]
Message-ID: <ef4e5ba50c76511d4306edf1526c15269f1d7747@gdb-build> (raw)
*** TEST RESULTS FOR COMMIT ef4e5ba50c76511d4306edf1526c15269f1d7747 ***
commit ef4e5ba50c76511d4306edf1526c15269f1d7747
Author: Alan Modra <amodra@gmail.com>
AuthorDate: Tue Jan 14 10:45:41 2020 +1030
Commit: Alan Modra <amodra@gmail.com>
CommitDate: Tue Jan 14 11:02:37 2020 +1030
som: Don't loop forever reading symbol chains
* som.c (som_bfd_count_ar_symbols): Error when file position
of symbols on chains is not strictly increasing.
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index acb545cd03..75099e91b2 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2020-01-14 Alan Modra <amodra@gmail.com>
+
+ * som.c (som_bfd_count_ar_symbols): Error when file position
+ of symbols on chains is not strictly increasing.
+
2020-01-14 Alan Modra <amodra@gmail.com>
* vms.h (VMS_DEBUG): Define as 0.
diff --git a/bfd/som.c b/bfd/som.c
index 779fd5d388..8e8960ed83 100644
--- a/bfd/som.c
+++ b/bfd/som.c
@@ -5892,8 +5892,8 @@ som_bfd_count_ar_symbols (bfd *abfd,
/* Don't forget to initialize the counter! */
*count = 0;
- /* Read in the hash table. The has table is an array of 32bit file offsets
- which point to the hash chains. */
+ /* Read in the hash table. The hash table is an array of 32-bit
+ file offsets which point to the hash chains. */
amt = (bfd_size_type) lst_header->hash_size * 4;
if (bfd_bread ((void *) hash_table, amt, abfd) != amt)
goto error_return;
@@ -5928,6 +5928,15 @@ som_bfd_count_ar_symbols (bfd *abfd,
if (next_entry == 0)
break;
+ /* Assume symbols on a chain are in increasing file offset
+ order. Otherwise we can loop here with fuzzed input. */
+ if (next_entry < hash_val + sizeof (ext_lst_symbol))
+ {
+ bfd_set_error (bfd_error_bad_value);
+ goto error_return;
+ }
+ hash_val = next_entry;
+
/* Seek to the next symbol. */
if (bfd_seek (abfd, lst_filepos + next_entry, SEEK_SET) != 0)
goto error_return;
next reply other threads:[~2020-01-14 9:29 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-14 10:51 gdb-buildbot [this message]
2020-01-14 10:03 ` Failures on Ubuntu-Aarch64-m64, branch master gdb-buildbot
2020-01-14 11:36 ` Failures on Ubuntu-Aarch64-native-gdbserver-m64, " gdb-buildbot
2020-01-16 14:57 ` Failures on Fedora-i686, " gdb-buildbot
2020-01-16 15:16 ` Failures on Fedora-x86_64-cc-with-index, " gdb-buildbot
2020-01-16 15:22 ` Failures on Fedora-x86_64-m32, " gdb-buildbot
2020-01-16 15:44 ` Failures on Fedora-x86_64-m64, " gdb-buildbot
2020-01-16 16:04 ` Failures on Fedora-x86_64-native-extended-gdbserver-m32, " gdb-buildbot
2020-01-16 16:12 ` Failures on Fedora-x86_64-native-extended-gdbserver-m64, " gdb-buildbot
2020-01-16 16:16 ` Failures on Fedora-x86_64-native-gdbserver-m32, " gdb-buildbot
2020-01-16 16:45 ` Failures on Fedora-x86_64-native-gdbserver-m64, " gdb-buildbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ef4e5ba50c76511d4306edf1526c15269f1d7747@gdb-build \
--to=gdb-buildbot@sergiodj.net \
--cc=gdb-testers@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).