https://sourceware.org/bugzilla/show_bug.cgi?id=23425
--- Comment #16 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by Alan Modra <amo...@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0930cb3021b8078b34cf216e79eb8608d017864f commit 0930cb3021b8078b34cf216e79eb8608d017864f Author: Alan Modra <amo...@gmail.com> Date: Sat Oct 13 22:03:02 2018 +1030 _bfd_clear_contents bounds checking This PR shows a fuzzed binary triggering a segfault via a bad relocation in .debug_line. It turns out that unlike normal relocations applied to a section, the linker applies those with symbols from discarded sections via _bfd_clear_contents without checking that the relocation is within the section bounds. The same thing now happens when reading debug sections since commit a4cd947aca23, the PR23425 fix. PR 23770 PR 23425 * reloc.c (_bfd_clear_contents): Replace "location" param with "buf" and "off". Bounds check "off". Return status. * cofflink.c (_bfd_coff_generic_relocate_section): Update _bfd_clear_contents call. * elf-bfd.h (RELOC_AGAINST_DISCARDED_SECTION): Likewise. * elf32-arc.c (elf_arc_relocate_section): Likewise. * elf32-i386.c (elf_i386_relocate_section): Likewise. * elf32-metag.c (metag_final_link_relocate): Likewise. * elf32-nds32.c (nds32_elf_get_relocated_section_contents): Likewise. * elf32-ppc.c (ppc_elf_relocate_section): Likewise. * elf32-visium.c (visium_elf_relocate_section): Likewise. * elf64-ppc.c (ppc64_elf_relocate_section): Likewise. * elf64-x86-64.c *(elf_x86_64_relocate_section): Likewise. * libbfd-in.h (_bfd_clear_contents): Update prototype. * libbfd.h: Regenerate. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
