Fix memory access violations triggered by processing fuzzed binaries with a 32-bit version of readelf, compiled on a 64-bit host.

	PR binutils/17531
	* dwarf.c (xcmalloc): Fail if the arguments are too big.
	(xcrealloc): Likewise.
	(xcalloc2): Likewise.

2 files changed, 23 insertions, 3 deletions

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 6cd306a..9e682c1 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -4,6 +4,11 @@
 	* dwarf.c (display_debug_frames): Fix range checks to work on
 	32-bit binaries complied on a 64-bit host.
 
+	PR binutils/17531
+	* dwarf.c (xcmalloc): Fail if the arguments are too big.
+	(xcrealloc): Likewise.
+	(xcalloc2): Likewise.
+
 2015-02-05  Alan Modra  <amodra@gmail.com>
 
 	PR binutils/17926
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 2edacb8..cebd8c9 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7217,7 +7217,12 @@ xcmalloc (size_t nmemb, size_t size)
 {
   /* Check for overflow.  */
   if (nmemb >= ~(size_t) 0 / size)
-    return NULL;
+    {
+      fprintf (stderr,
+	       _("Attempt to allocate an array with an excessive number of elements: 0x%lx\n"),
+	       (long) nmemb);
+      xexit (1);
+    }
 
   return xmalloc (nmemb * size);
 }
@@ -7230,7 +7235,12 @@ xcrealloc (void *ptr, size_t nmemb, size_t size)
 {
   /* Check for overflow.  */
   if (nmemb >= ~(size_t) 0 / size)
-    return NULL;
+    {
+      fprintf (stderr,
+	       _("Attempt to re-allocate an array with an excessive number of elements: 0x%lx\n"),
+	       (long) nmemb);
+      xexit (1);
+    }
 
   return xrealloc (ptr, nmemb * size);
 }
@@ -7241,7 +7251,12 @@ xcalloc2 (size_t nmemb, size_t size)
 {
   /* Check for overflow.  */
   if (nmemb >= ~(size_t) 0 / size)
-    return NULL;
+    {
+      fprintf (stderr,
+	       _("Attempt to allocate a zero'ed array with an excessive number of elements: 0x%lx\n"),
+	       (long) nmemb);
+      xexit (1);
+    }
 
   return xcalloc (nmemb, size);
 }