diff options
| author | Alan Modra <amodra@gmail.com> | 2022-10-29 14:16:29 +1030 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2022-10-29 15:23:58 +1030 |
| commit | bb94ac4f95dd11c87d84eea533fe4f3218a48583 (patch) | |
| tree | 52bbffbb1de5fc21ac93e450f473c2eba62802b9 | |
| parent | c5d4b1b6046a77b04ad180d0974221371779599a (diff) | |
| download | gdb-bb94ac4f95dd11c87d84eea533fe4f3218a48583.zip gdb-bb94ac4f95dd11c87d84eea533fe4f3218a48583.tar.gz gdb-bb94ac4f95dd11c87d84eea533fe4f3218a48583.tar.bz2 | |
pef: sanity check before malloc
And do the sanity check in a way that can't overflow.
* pef.c (bfd_pef_parse_function_stubs): Sanity check header
imported_library_count and total_imported_symbol_count before
allocating memory.
| -rw-r--r-- | bfd/pef.c | 12 |
1 files changed, 7 insertions, 5 deletions
@@ -751,6 +751,13 @@ bfd_pef_parse_function_stubs (bfd *abfd, if (ret < 0) goto error; + if ((loaderlen - 56) / 24 < header.imported_library_count) + goto error; + + if ((loaderlen - 56 - header.imported_library_count * 24) / 4 + < header.total_imported_symbol_count) + goto error; + libraries = bfd_malloc (header.imported_library_count * sizeof (bfd_pef_imported_library)); imports = bfd_malloc @@ -758,8 +765,6 @@ bfd_pef_parse_function_stubs (bfd *abfd, if (libraries == NULL || imports == NULL) goto error; - if (loaderlen < (56 + (header.imported_library_count * 24))) - goto error; for (i = 0; i < header.imported_library_count; i++) { ret = bfd_pef_parse_imported_library @@ -768,9 +773,6 @@ bfd_pef_parse_function_stubs (bfd *abfd, goto error; } - if (loaderlen < (56 + (header.imported_library_count * 24) - + (header.total_imported_symbol_count * 4))) - goto error; for (i = 0; i < header.total_imported_symbol_count; i++) { ret = (bfd_pef_parse_imported_symbol |