diff options
| author | Nick Clifton <nickc@redhat.com> | 2017-11-28 18:00:29 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2017-11-28 18:00:29 +0000 |
| commit | b0029dce6867de1a2828293177b0e030d2f0f03c (patch) | |
| tree | 43baafd2475e603a017335e492241866e4c48775 /bfd/coffgen.c | |
| parent | ff174d3ffad13af17a61583db3e1cd9c0c6cf237 (diff) | |
| download | fsf-binutils-gdb-b0029dce6867de1a2828293177b0e030d2f0f03c.zip fsf-binutils-gdb-b0029dce6867de1a2828293177b0e030d2f0f03c.tar.gz fsf-binutils-gdb-b0029dce6867de1a2828293177b0e030d2f0f03c.tar.bz2 | |
Prevent a memory exhaustion problem when trying to read in strings from a COFF binary with a corrupt string table size.
PR 22507
* coffgen.c (_bfd_coff_read_string_table): Check for an excessive
size of the external string table.
Diffstat (limited to 'bfd/coffgen.c')
| -rw-r--r-- | bfd/coffgen.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/bfd/coffgen.c b/bfd/coffgen.c index 81efd9b..7798dfc 100644 --- a/bfd/coffgen.c +++ b/bfd/coffgen.c @@ -1718,7 +1718,7 @@ _bfd_coff_read_string_table (bfd *abfd) #endif } - if (strsize < STRING_SIZE_SIZE) + if (strsize < STRING_SIZE_SIZE || strsize > bfd_get_file_size (abfd)) { _bfd_error_handler /* xgettext: c-format */ @@ -1726,7 +1726,7 @@ _bfd_coff_read_string_table (bfd *abfd) bfd_set_error (bfd_error_bad_value); return NULL; } - + strings = (char *) bfd_malloc (strsize + 1); if (strings == NULL) return NULL; |