authorNick Clifton <nickc@redhat.com>2014-10-31 16:36:31 +0000
committerNick Clifton <nickc@redhat.com>2014-10-31 16:36:31 +0000
commitf54498b45795194df671207c6ef3d6cd6d0c0ebb (patch)
tree940ab0d69864094f00b010c1c678f3701bb6087f /bfd/elf.c
parentfe06005387223e8a8b37e49036efe06b4062c7f4 (diff)
Avoid allocating over-large buffers when parsing corrupt binaries.
PR binutils/17512 * coffgen.c (_bfd_coff_get_external_symbols): Do not try to load a symbol table bigger than the file. * elf.c (bfd_elf_get_str_section): Do not try to load a string table bigger than the file. * readelf.c (process_program_headers): Avoid memory exhaustion due to corrupt values in a dynamic segment header. (get_32bit_elf_symbols): Do not attempt to read an over-large section. (get_64bit_elf_symbols): Likewise.
Diffstat (limited to 'bfd/elf.c')
-rw-r--r--bfd/elf.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/bfd/elf.c b/bfd/elf.c
index 9c4dcdf..7cc0ce1 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -294,6 +294,11 @@ bfd_elf_get_str_section (bfd *abfd, unsigned int shindex)
offset = i_shdrp[shindex]->sh_offset;
shstrtabsize = i_shdrp[shindex]->sh_size;
+ /* PR binutils/17512: Do not even try to load
+ a string table bigger than the entire file... */
+ if (shstrtabsize >= (bfd_size_type) bfd_get_size (abfd))
+ return NULL;
+
/* Allocate and clear an extra byte at the end, to prevent crashes
in case the string table is not terminated. */
if (shstrtabsize + 1 <= 1
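Review bot: The new early `return NULL` after `if (shstrtabsize >= (bfd_size_type) bfd_get_size (abfd))` leaves without recording a BFD error, so a caller cannot tell a corrupt `sh_size` from any other failure; setting one first, e.g. `bfd_set_error (bfd_error_bad_value);`, would make the rejection diagnosable. The guard also bounds only `sh_size`: `offset + shstrtabsize` is never compared with the file size, so a table that starts near the end of the file still reaches the allocation (now capped at roughly the file size) and presumably depends on the later read failing. If `bfd_get_size` can return 0 for a BFD whose size is unknown, which is not visible here, every string table would be rejected, so that case deserves an explicit test or a comment. The enclosing function and the `if` that opens on the last line continue outside the hunk.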