aboutsummaryrefslogtreecommitdiff
path: root/gprof
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2016-08-30 13:51:43 +0100
committerNick Clifton <nickc@redhat.com>2016-08-30 13:51:43 +0100
commitc616591359a014fcfdb5acb48e70ecda0823fb46 (patch)
tree3c06960c3eed4747c00dc38455b7faa36a63d60f /gprof
parent00927233079d1d65826fd611019e9167706b9ec6 (diff)
downloadgdb-c616591359a014fcfdb5acb48e70ecda0823fb46.zip
gdb-c616591359a014fcfdb5acb48e70ecda0823fb46.tar.gz
gdb-c616591359a014fcfdb5acb48e70ecda0823fb46.tar.bz2
Partially revert previous delta - move limit testing code to first scan over symbol file.
PR gprof/20499 * corefile.c (num_of_syms_in): Return an unsigned int. Fail if the count exceeds the maximum possible allocatable size. (core_create_syms_from): Exit early if num_of_syms_in returns a failure code.
Diffstat (limited to 'gprof')
-rw-r--r--gprof/ChangeLog7
-rw-r--r--gprof/corefile.c20
2 files changed, 12 insertions, 15 deletions
diff --git a/gprof/ChangeLog b/gprof/ChangeLog
index e5afbf6..176a8f9 100644
--- a/gprof/ChangeLog
+++ b/gprof/ChangeLog
@@ -2,10 +2,9 @@
PR gprof/20499
* corefile.c (num_of_syms_in): Return an unsigned int.
- (core_create_syms_from): Catch a possible integer overflow
- computing the argument to xmalloc. Also allow for the possibility
- that an integer overflow in num_of_syms_in means that less space
- has been allocated than expected.
+ Fail if the count exceeds the maximum possible allocatable size.
+ (core_create_syms_from): Exit early if num_of_syms_in returns a
+ failure code.
2016-08-23 Nick Clifton <nickc@redhat.com>
diff --git a/gprof/corefile.c b/gprof/corefile.c
index e165da2..87de7bc 100644
--- a/gprof/corefile.c
+++ b/gprof/corefile.c
@@ -28,6 +28,7 @@
#include "hist.h"
#include "corefile.h"
#include "safe-ctype.h"
+#include <limits.h> /* For UINT_MAX. */
bfd *core_bfd;
static int core_num_syms;
@@ -500,7 +501,11 @@ num_of_syms_in (FILE * f)
{
if (sscanf (buf, "%" STR_BUFSIZE "s %c %" STR_BUFSIZE "s", address, &type, name) == 3)
if (type == 't' || type == 'T')
- ++num;
+ {
+ /* PR 20499 - prevent integer overflow computing argument to xmalloc. */
+ if (++num >= UINT_MAX / sizeof (Sym))
+ return -1U;
+ }
}
return num;
@@ -531,11 +536,10 @@ core_create_syms_from (const char * sym_table_file)
fprintf (stderr, _("%s: file `%s' has no symbols\n"), whoami, sym_table_file);
done (1);
}
- /* PR 20499 - prevent integer overflow computing argument to xmalloc. */
- else if ((symtab.len * (unsigned) sizeof (Sym)) < symtab.len)
+ else if (symtab.len == -1U)
{
- fprintf (stderr, _("%s: file `%s' has too many symbols: %u\n"),
- whoami, sym_table_file, symtab.len);
+ fprintf (stderr, _("%s: file `%s' has too many symbols\n"),
+ whoami, sym_table_file);
done (1);
}
@@ -571,12 +575,6 @@ core_create_syms_from (const char * sym_table_file)
max_vma = MAX (symtab.limit->addr, max_vma);
++symtab.limit;
- /* PR 20499 - it is theoretically possible that there are so many
- symbols in the file that the scan in num_of_syms_in() wrapped
- around. So be paranoid here and exit the loop if we have
- reached the end of our allocated table. */
- if ((unsigned int)(symtab.limit - symtab.base) == symtab.len)
- break;
}
fclose (f);