diff options
| author | Nick Clifton <nickc@redhat.com> | 2018-11-30 11:45:33 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2018-11-30 11:45:33 +0000 |
| commit | 5f60af5d24d181371d67534fa273dd221df20c07 (patch) | |
| tree | c5b15b6804f1c339e30a70826eeb2f073c51958b | |
| parent | beab453223769279cc1cef68a1622ab8978641f7 (diff) | |
| download | gdb-5f60af5d24d181371d67534fa273dd221df20c07.zip gdb-5f60af5d24d181371d67534fa273dd221df20c07.tar.gz gdb-5f60af5d24d181371d67534fa273dd221df20c07.tar.bz2 | |
Fix a memory exhaustion bug when attempting to allocate room for an impossible number of program headers.
* elfcode.h (elf_object_p): Check for corrupt input files with
more program headers than can actually fit in the file.
| -rw-r--r-- | bfd/ChangeLog | 5 | ||||
| -rw-r--r-- | bfd/elfcode.h | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 6ea4835..f99b085 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,5 +1,10 @@ 2018-11-30 Nick Clifton <nickc@redhat.com> + * elfcode.h (elf_object_p): Check for corrupt input files with + more program headers than can actually fit in the file. + +2018-11-30 Nick Clifton <nickc@redhat.com> + PR 23932 * elf.c (IS_CONTAINED_BY_LMA): Add a check for a negative section size. diff --git a/bfd/elfcode.h b/bfd/elfcode.h index f224c8b..16ed8e5 100644 --- a/bfd/elfcode.h +++ b/bfd/elfcode.h @@ -784,6 +784,11 @@ elf_object_p (bfd *abfd) if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr)) goto got_wrong_format_error; #endif + /* Check for a corrupt input file with an impossibly large number + of program headers. */ + if (bfd_get_file_size (abfd) > 0 + && i_ehdrp->e_phnum > bfd_get_file_size (abfd)) + goto got_no_match; amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr); elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt); if (elf_tdata (abfd)->phdr == NULL) |