Fix potential illegal memory access failures in the BFD library by ensuring that the return value from bfd_malloc() is checked before it is used.
PR 25308 * elf-properties.c (_bfd_elf_convert_gnu_properties): Check the return value from bfd_malloc. * elf32-arm.c (bfd_elf32_arm_vfp11_fix_veneer_locations): Likewise. (bfd_elf32_arm_stm32l4xx_fix_veneer_locations): Likewise. (elf32_arm_filter_cmse_symbols): Likewise. (elf32_arm_write_section): Likewise. * mach-o.c (bfd_mach_o_core_fetch_environment): Likewise. (bfd_mach_o_follow_dsym): Likewise. * pef.c (bfd_pef_print_loader_section): Likewise. (bfd_pef_scan_start_address): Likewise. (bfd_pef_parse_function_stubs): Likewise. (bfd_pef_parse_symbols): Likewise.
@ -1,3 +1,19 @@
|
|||||||
|
2020-01-03 Nick Clifton <nickc@redhat.com>
|
||||||
|
|
||||||
|
PR 25308
|
||||||
|
* elf-properties.c (_bfd_elf_convert_gnu_properties): Check the
|
||||||
|
return value from bfd_malloc.
|
||||||
|
* elf32-arm.c (bfd_elf32_arm_vfp11_fix_veneer_locations): Likewise.
|
||||||
|
(bfd_elf32_arm_stm32l4xx_fix_veneer_locations): Likewise.
|
||||||
|
(elf32_arm_filter_cmse_symbols): Likewise.
|
||||||
|
(elf32_arm_write_section): Likewise.
|
||||||
|
* mach-o.c (bfd_mach_o_core_fetch_environment): Likewise.
|
||||||
|
(bfd_mach_o_follow_dsym): Likewise.
|
||||||
|
* pef.c (bfd_pef_print_loader_section): Likewise.
|
||||||
|
(bfd_pef_scan_start_address): Likewise.
|
||||||
|
(bfd_pef_parse_function_stubs): Likewise.
|
||||||
|
(bfd_pef_parse_symbols): Likewise.
|
||||||
|
|
||||||
2020-01-03 Sergei Trofimovich <siarheit@google.com>
|
2020-01-03 Sergei Trofimovich <siarheit@google.com>
|
||||||
|
|
||||||
* elfnn-ia64.c (elfNN_ia64_merge_private_bfd_data): don't fail
|
* elfnn-ia64.c (elfNN_ia64_merge_private_bfd_data): don't fail
|
||||||
|
@ -703,6 +703,8 @@ _bfd_elf_convert_gnu_properties (bfd *ibfd, asection *isec,
|
|||||||
if (size > bfd_section_size (isec))
|
if (size > bfd_section_size (isec))
|
||||||
{
|
{
|
||||||
contents = (bfd_byte *) bfd_malloc (size);
|
contents = (bfd_byte *) bfd_malloc (size);
|
||||||
|
if (contents == NULL)
|
||||||
|
return FALSE;
|
||||||
free (*ptr);
|
free (*ptr);
|
||||||
*ptr = contents;
|
*ptr = contents;
|
||||||
}
|
}
|
||||||
|
@ -7148,7 +7148,6 @@ find_arm_glue (struct bfd_link_info *link_info,
|
|||||||
|
|
||||||
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen (name)
|
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen (name)
|
||||||
+ strlen (ARM2THUMB_GLUE_ENTRY_NAME) + 1);
|
+ strlen (ARM2THUMB_GLUE_ENTRY_NAME) + 1);
|
||||||
|
|
||||||
BFD_ASSERT (tmp_name);
|
BFD_ASSERT (tmp_name);
|
||||||
|
|
||||||
sprintf (tmp_name, ARM2THUMB_GLUE_ENTRY_NAME, name);
|
sprintf (tmp_name, ARM2THUMB_GLUE_ENTRY_NAME, name);
|
||||||
@ -7323,7 +7322,6 @@ record_arm_to_thumb_glue (struct bfd_link_info * link_info,
|
|||||||
|
|
||||||
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen (name)
|
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen (name)
|
||||||
+ strlen (ARM2THUMB_GLUE_ENTRY_NAME) + 1);
|
+ strlen (ARM2THUMB_GLUE_ENTRY_NAME) + 1);
|
||||||
|
|
||||||
BFD_ASSERT (tmp_name);
|
BFD_ASSERT (tmp_name);
|
||||||
|
|
||||||
sprintf (tmp_name, ARM2THUMB_GLUE_ENTRY_NAME, name);
|
sprintf (tmp_name, ARM2THUMB_GLUE_ENTRY_NAME, name);
|
||||||
@ -7401,7 +7399,6 @@ record_arm_bx_glue (struct bfd_link_info * link_info, int reg)
|
|||||||
/* Add symbol for veneer. */
|
/* Add symbol for veneer. */
|
||||||
tmp_name = (char *)
|
tmp_name = (char *)
|
||||||
bfd_malloc ((bfd_size_type) strlen (ARM_BX_GLUE_ENTRY_NAME) + 1);
|
bfd_malloc ((bfd_size_type) strlen (ARM_BX_GLUE_ENTRY_NAME) + 1);
|
||||||
|
|
||||||
BFD_ASSERT (tmp_name);
|
BFD_ASSERT (tmp_name);
|
||||||
|
|
||||||
sprintf (tmp_name, ARM_BX_GLUE_ENTRY_NAME, reg);
|
sprintf (tmp_name, ARM_BX_GLUE_ENTRY_NAME, reg);
|
||||||
@ -7493,7 +7490,6 @@ record_vfp11_erratum_veneer (struct bfd_link_info *link_info,
|
|||||||
|
|
||||||
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen
|
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen
|
||||||
(VFP11_ERRATUM_VENEER_ENTRY_NAME) + 10);
|
(VFP11_ERRATUM_VENEER_ENTRY_NAME) + 10);
|
||||||
|
|
||||||
BFD_ASSERT (tmp_name);
|
BFD_ASSERT (tmp_name);
|
||||||
|
|
||||||
sprintf (tmp_name, VFP11_ERRATUM_VENEER_ENTRY_NAME,
|
sprintf (tmp_name, VFP11_ERRATUM_VENEER_ENTRY_NAME,
|
||||||
@ -7613,7 +7609,6 @@ record_stm32l4xx_erratum_veneer (struct bfd_link_info *link_info,
|
|||||||
|
|
||||||
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen
|
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen
|
||||||
(STM32L4XX_ERRATUM_VENEER_ENTRY_NAME) + 10);
|
(STM32L4XX_ERRATUM_VENEER_ENTRY_NAME) + 10);
|
||||||
|
|
||||||
BFD_ASSERT (tmp_name);
|
BFD_ASSERT (tmp_name);
|
||||||
|
|
||||||
sprintf (tmp_name, STM32L4XX_ERRATUM_VENEER_ENTRY_NAME,
|
sprintf (tmp_name, STM32L4XX_ERRATUM_VENEER_ENTRY_NAME,
|
||||||
@ -8644,6 +8639,7 @@ bfd_elf32_arm_vfp11_fix_veneer_locations (bfd *abfd,
|
|||||||
|
|
||||||
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen
|
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen
|
||||||
(VFP11_ERRATUM_VENEER_ENTRY_NAME) + 10);
|
(VFP11_ERRATUM_VENEER_ENTRY_NAME) + 10);
|
||||||
|
BFD_ASSERT (tmp_name);
|
||||||
|
|
||||||
for (sec = abfd->sections; sec != NULL; sec = sec->next)
|
for (sec = abfd->sections; sec != NULL; sec = sec->next)
|
||||||
{
|
{
|
||||||
@ -8731,6 +8727,7 @@ bfd_elf32_arm_stm32l4xx_fix_veneer_locations (bfd *abfd,
|
|||||||
|
|
||||||
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen
|
tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen
|
||||||
(STM32L4XX_ERRATUM_VENEER_ENTRY_NAME) + 10);
|
(STM32L4XX_ERRATUM_VENEER_ENTRY_NAME) + 10);
|
||||||
|
BFD_ASSERT (tmp_name);
|
||||||
|
|
||||||
for (sec = abfd->sections; sec != NULL; sec = sec->next)
|
for (sec = abfd->sections; sec != NULL; sec = sec->next)
|
||||||
{
|
{
|
||||||
@ -18505,6 +18502,8 @@ elf32_arm_filter_cmse_symbols (bfd *abfd ATTRIBUTE_UNUSED,
|
|||||||
|
|
||||||
maxnamelen = 128;
|
maxnamelen = 128;
|
||||||
cmse_name = (char *) bfd_malloc (maxnamelen);
|
cmse_name = (char *) bfd_malloc (maxnamelen);
|
||||||
|
BFD_ASSERT (cmse_name);
|
||||||
|
|
||||||
for (src_count = 0; src_count < symcount; src_count++)
|
for (src_count = 0; src_count < symcount; src_count++)
|
||||||
{
|
{
|
||||||
struct elf32_arm_link_hash_entry *cmse_hash;
|
struct elf32_arm_link_hash_entry *cmse_hash;
|
||||||
@ -19700,6 +19699,8 @@ elf32_arm_write_section (bfd *output_bfd,
|
|||||||
unsigned int in_index, out_index;
|
unsigned int in_index, out_index;
|
||||||
bfd_vma add_to_offsets = 0;
|
bfd_vma add_to_offsets = 0;
|
||||||
|
|
||||||
|
if (edited_contents == NULL)
|
||||||
|
return FALSE;
|
||||||
for (in_index = 0, out_index = 0; in_index * 8 < input_size || edit_node;)
|
for (in_index = 0, out_index = 0; in_index * 8 < input_size || edit_node;)
|
||||||
{
|
{
|
||||||
if (edit_node)
|
if (edit_node)
|
||||||
|
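Review bot: The `BFD_ASSERT (tmp_name);` lines added in bfd_elf32_arm_vfp11_fix_veneer_locations and bfd_elf32_arm_stm32l4xx_fix_veneer_locations, and `BFD_ASSERT (cmse_name);` in elf32_arm_filter_cmse_symbols, probably do not keep a NULL pointer from being used. As far as I know BFD_ASSERT only reports the failure and lets execution continue, so after a failed bfd_malloc() the loops that follow would still write through the NULL buffer. An explicit test that returns an error, in the style of the `if (edited_contents == NULL) return FALSE;` added to elf32_arm_write_section, would match the commit's stated intent; the right failure value depends on each function's return type, which is outside these hunks. The same concern applies to the existing BFD_ASSERT-then-sprintf pattern visible as context in the find_arm_glue and record_* hunks.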
@ -5752,6 +5752,8 @@ bfd_mach_o_core_fetch_environment (bfd *abfd,
|
|||||||
unsigned char *buf = bfd_malloc (1024);
|
unsigned char *buf = bfd_malloc (1024);
|
||||||
unsigned long size = 1024;
|
unsigned long size = 1024;
|
||||||
|
|
||||||
|
if (buf == NULL)
|
||||||
|
return -1;
|
||||||
for (;;)
|
for (;;)
|
||||||
{
|
{
|
||||||
bfd_size_type nread = 0;
|
bfd_size_type nread = 0;
|
||||||
@ -5797,6 +5799,8 @@ bfd_mach_o_core_fetch_environment (bfd *abfd,
|
|||||||
bottom = seg->fileoff + seg->filesize - offset;
|
bottom = seg->fileoff + seg->filesize - offset;
|
||||||
top = seg->fileoff + seg->filesize - 4;
|
top = seg->fileoff + seg->filesize - 4;
|
||||||
*rbuf = bfd_malloc (top - bottom);
|
*rbuf = bfd_malloc (top - bottom);
|
||||||
|
if (*rbuf == NULL)
|
||||||
|
return -1;
|
||||||
*rlen = top - bottom;
|
*rlen = top - bottom;
|
||||||
|
|
||||||
memcpy (*rbuf, buf + size - *rlen, *rlen);
|
memcpy (*rbuf, buf + size - *rlen, *rlen);
|
||||||
@ -5941,6 +5945,9 @@ bfd_mach_o_follow_dsym (bfd *abfd)
|
|||||||
dsym_filename = (char *)bfd_malloc (strlen (base_bfd->filename)
|
dsym_filename = (char *)bfd_malloc (strlen (base_bfd->filename)
|
||||||
+ strlen (dsym_subdir) + 1
|
+ strlen (dsym_subdir) + 1
|
||||||
+ strlen (base_basename) + 1);
|
+ strlen (base_basename) + 1);
|
||||||
|
if (dsym_filename == NULL)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
sprintf (dsym_filename, "%s%s/%s",
|
sprintf (dsym_filename, "%s%s/%s",
|
||||||
base_bfd->filename, dsym_subdir, base_basename);
|
base_bfd->filename, dsym_subdir, base_basename);
|
||||||
|
|
||||||
|
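Review bot: The new `if (*rbuf == NULL) return -1;` in the second bfd_mach_o_core_fetch_environment hunk returns while `buf` is still allocated; the memcpy two lines later reads from it, so it has not been released at that point. As far as these hunks show, nothing else frees this scratch buffer on that path, so `if (*rbuf == NULL) { free (buf); return -1; }` would close the leak. `*rlen` is also left unset on this return, so it should be documented that callers must not read it after a -1 result. The function body extends beyond both hunks, so the cleanup used by its other exits should be checked for consistency.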
11
bfd/pef.c
11
bfd/pef.c
@ -447,6 +447,8 @@ bfd_pef_print_loader_section (bfd *abfd, FILE *file)
|
|||||||
|
|
||||||
loaderlen = loadersec->size;
|
loaderlen = loadersec->size;
|
||||||
loaderbuf = bfd_malloc (loaderlen);
|
loaderbuf = bfd_malloc (loaderlen);
|
||||||
|
if (loaderbuf == NULL)
|
||||||
|
return -1;
|
||||||
|
|
||||||
if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) < 0
|
if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) < 0
|
||||||
|| bfd_bread ((void *) loaderbuf, loaderlen, abfd) != loaderlen
|
|| bfd_bread ((void *) loaderbuf, loaderlen, abfd) != loaderlen
|
||||||
@ -478,6 +480,9 @@ bfd_pef_scan_start_address (bfd *abfd)
|
|||||||
|
|
||||||
loaderlen = loadersec->size;
|
loaderlen = loadersec->size;
|
||||||
loaderbuf = bfd_malloc (loaderlen);
|
loaderbuf = bfd_malloc (loaderlen);
|
||||||
|
if (loaderbuf == NULL)
|
||||||
|
goto end;
|
||||||
|
|
||||||
if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) < 0)
|
if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) < 0)
|
||||||
goto error;
|
goto error;
|
||||||
if (bfd_bread ((void *) loaderbuf, loaderlen, abfd) != loaderlen)
|
if (bfd_bread ((void *) loaderbuf, loaderlen, abfd) != loaderlen)
|
||||||
@ -753,6 +758,8 @@ bfd_pef_parse_function_stubs (bfd *abfd,
|
|||||||
(header.imported_library_count * sizeof (bfd_pef_imported_library));
|
(header.imported_library_count * sizeof (bfd_pef_imported_library));
|
||||||
imports = bfd_malloc
|
imports = bfd_malloc
|
||||||
(header.total_imported_symbol_count * sizeof (bfd_pef_imported_symbol));
|
(header.total_imported_symbol_count * sizeof (bfd_pef_imported_symbol));
|
||||||
|
if (libraries == NULL || imports == NULL)
|
||||||
|
goto error;
|
||||||
|
|
||||||
if (loaderlen < (56 + (header.imported_library_count * 24)))
|
if (loaderlen < (56 + (header.imported_library_count * 24)))
|
||||||
goto error;
|
goto error;
|
||||||
@ -897,6 +904,8 @@ bfd_pef_parse_symbols (bfd *abfd, asymbol **csym)
|
|||||||
{
|
{
|
||||||
codelen = codesec->size;
|
codelen = codesec->size;
|
||||||
codebuf = bfd_malloc (codelen);
|
codebuf = bfd_malloc (codelen);
|
||||||
|
if (codebuf == NULL)
|
||||||
|
goto end;
|
||||||
if (bfd_seek (abfd, codesec->filepos, SEEK_SET) < 0)
|
if (bfd_seek (abfd, codesec->filepos, SEEK_SET) < 0)
|
||||||
goto end;
|
goto end;
|
||||||
if (bfd_bread ((void *) codebuf, codelen, abfd) != codelen)
|
if (bfd_bread ((void *) codebuf, codelen, abfd) != codelen)
|
||||||
@ -908,6 +917,8 @@ bfd_pef_parse_symbols (bfd *abfd, asymbol **csym)
|
|||||||
{
|
{
|
||||||
loaderlen = loadersec->size;
|
loaderlen = loadersec->size;
|
||||||
loaderbuf = bfd_malloc (loaderlen);
|
loaderbuf = bfd_malloc (loaderlen);
|
||||||
|
if (loaderbuf == NULL)
|
||||||
|
goto end;
|
||||||
if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) < 0)
|
if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) < 0)
|
||||||
goto end;
|
goto end;
|
||||||
if (bfd_bread ((void *) loaderbuf, loaderlen, abfd) != loaderlen)
|
if (bfd_bread ((void *) loaderbuf, loaderlen, abfd) != loaderlen)
|
||||||
|
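Review bot: In bfd_pef_parse_function_stubs the new NULL test comes after two allocations sized by `header.imported_library_count * sizeof (...)` and `header.total_imported_symbol_count * sizeof (...)`, and before the `loaderlen < (56 + (header.imported_library_count * 24))` sanity check. If those counts are taken directly from the file's loader header, which the hunk suggests but does not show, a malformed file can request a very large allocation or make the multiplication wrap, leaving a buffer smaller than the count implies. Validating both counts against `loaderlen` before allocating, with the arithmetic checked for overflow, would make the NULL test a backstop rather than the only guard. The function starts and ends outside the hunk, so any earlier validation of `header` should be confirmed.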