Prevent an illegal memory access by objdump when parsing a corrupt file on a 32-bit host.

PR 24360
	* objdump.c (load_specific_debug_section): Check that the amount
	of memory to be allocated matches the size of the section.
Nick Clifton
2019-03-19 13:39:30 +00:00
parent 392a59728b
commit 634557801d
2 changed files with 15 additions and 7 deletions


@ -1,3 +1,9 @@
2019-03-19 Nick Clifton <nickc@redhat.com>
PR 24360
* objdump.c (load_specific_debug_section): Check that the amount
of memory to be allocated matches the size of the section.
2019-03-13 Sudakshina Das <sudi.das@arm.com> 2019-03-13 Sudakshina Das <sudi.das@arm.com>
* readelf.c (get_aarch64_dynamic_type): Add case for * readelf.c (get_aarch64_dynamic_type): Add case for


@ -383,7 +383,7 @@ static const char *
sanitize_string (const char * in) sanitize_string (const char * in)
{ {
static char * buffer = NULL; static char * buffer = NULL;
static unsigned int buffer_len = 0; static size_t buffer_len = 0;
const char * original = in; const char * original = in;
char * out; char * out;
@ -2679,6 +2679,7 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
bfd *abfd = (bfd *) file; bfd *abfd = (bfd *) file;
bfd_byte *contents; bfd_byte *contents;
bfd_size_type amt; bfd_size_type amt;
size_t alloced;
if (section->start != NULL) if (section->start != NULL)
{ {
@ -2694,8 +2695,9 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
section->address = bfd_get_section_vma (abfd, sec); section->address = bfd_get_section_vma (abfd, sec);
section->user_data = sec; section->user_data = sec;
section->size = bfd_get_section_size (sec); section->size = bfd_get_section_size (sec);
amt = section->size + 1; /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
if (amt == 0) alloced = amt = section->size + 1;
if (alloced != amt || alloced == 0)
{ {
section->start = NULL; section->start = NULL;
free_debug_section (debug); free_debug_section (debug);
@ -2704,7 +2706,7 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
(unsigned long long) section->size); (unsigned long long) section->size);
return FALSE; return FALSE;
} }
section->start = contents = malloc (amt); section->start = contents = malloc (alloced);
if (section->start == NULL if (section->start == NULL
|| !bfd_get_full_section_contents (abfd, sec, &contents)) || !bfd_get_full_section_contents (abfd, sec, &contents))
{ {