authorNick Clifton <nickc@redhat.com>2014-12-09 12:42:18 +0000
committerNick Clifton <nickc@redhat.com>2014-12-09 12:42:18 +0000
commitf64e188b58f4aab4cbd03aa6e9fc1aa602546e26 (patch)
tree46d8f90891842ce15eee893ce5489835e9e65a20 /binutils
parent137d1369ac054744d27f19e95aa8a739e6c0068d (diff)
More fixes for memory access violations triggered by fuzzed binaries.
PR binutils/17512 * objdump.c (display_any_bfd): Avoid infinite loop closing and opening the same archive again and again. * archive64.c (bfd_elf64_archive_slurp_armap): Add range checks. * libbfd.c (safe_read_leb128): New function. * libbfd-in.h (safe_read_leb128): Add prototype. * libbfd.h: Regenerate. * elf-attrs.c (_bfd_elf_parse_attributes): Use safe_read_leb128. Check for an over-long subsection length. * elf.c (elf_parse_notes): Check that the namedata is long enough for the string comparison that is about to be performed. (elf_read_notes): Zero-terminate the note buffer.
Diffstat (limited to 'binutils')
-rw-r--r--binutils/ChangeLog6
-rw-r--r--binutils/objdump.c10
2 files changed, 15 insertions, 1 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 7404a15df0..845eed4754 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2014-12-09 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * objdump.c (display_any_bfd): Avoid infinite loop closing and
+ opening the same archive again and again.
+
2014-12-09 Chen Gang <gang.chen.5i5j@gmail.com>
* windres.c (open_file_search): Free path buffer on failure.
diff --git a/binutils/objdump.c b/binutils/objdump.c
index b43d11171d..ee3a0840f0 100644
--- a/binutils/objdump.c
+++ b/binutils/objdump.c
@@ -3426,7 +3426,15 @@ display_any_bfd (bfd *file, int level)
display_any_bfd (arfile, level + 1);
if (last_arfile != NULL)
- bfd_close (last_arfile);
+ {
+ bfd_close (last_arfile);
+ /* PR 17512: file: ac585d01. */
+ if (arfile == last_arfile)
+ {
+ last_arfile = NULL;
+ break;
+ }
+ }
last_arfile = arfile;
}
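Review bot: The self-reference test `if (arfile == last_arfile)` sits after both `display_any_bfd (arfile, level + 1)` and `bfd_close (last_arfile)`, so a repeated member is displayed a second time and the comparison reads a pointer that has just been closed. Since `last_arfile = arfile` at the bottom of the body shows that member was already handled on the previous pass, the test could move above the `display_any_bfd` call as `if (arfile == last_arfile) { bfd_close (last_arfile); last_arfile = NULL; break; }`. The check also only catches a member that is returned again immediately; whether a corrupt archive can yield a longer cycle (A, B, A) is not visible here and is worth confirming. The comment `/* PR 17512: file: ac585d01. */` would say more as `/* PR 17512: a corrupt archive can return the same member again; stop instead of looping. */`. The enclosing loop starts and ends outside the hunk.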