diff options
| author | Nick Clifton <nickc@redhat.com> | 2019-06-28 15:30:43 +0100 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2019-06-28 15:30:43 +0100 |
| commit | 7e56c51c7932cfdb178e9457011d09d53e98937b (patch) | |
| tree | f2396eec4ec8a9ce289c71fdc5ef2c745798dd59 /bfd/compress.c | |
| parent | 781152ec18f56726c750cc0812a740396e4ec820 (diff) | |
| download | binutils-7e56c51c7932cfdb178e9457011d09d53e98937b.zip binutils-7e56c51c7932cfdb178e9457011d09d53e98937b.tar.gz binutils-7e56c51c7932cfdb178e9457011d09d53e98937b.tar.bz2 | |
Prevent attempts to allocate excessive amounts of memory when parsing corrupt ELF files.
PR 24708
* elf.c (_bfd_elf_slurp_version_tables): Check for an excessively
large version reference section.
* compress.c (bfd_get_full_section_contents): Check for an
uncompressed section whose size is larger than the file size.
Diffstat (limited to 'bfd/compress.c')
| -rw-r--r-- | bfd/compress.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/bfd/compress.c b/bfd/compress.c index b5db7a7..cba281d 100644 --- a/bfd/compress.c +++ b/bfd/compress.c @@ -250,6 +250,23 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr) case COMPRESS_SECTION_NONE: if (p == NULL) { + ufile_ptr filesize = bfd_get_file_size (abfd); + if (filesize > 0 + && filesize < sz + /* The MMO file format supports its own special compression + technique, but it uses COMPRESS_SECTION_NONE when loading + a section's contents. */ + && bfd_get_flavour (abfd) != bfd_target_mmo_flavour) + { + /* PR 24708: Avoid attempts to allocate a ridiculous amount + of memory. */ + bfd_set_error (bfd_error_no_memory); + _bfd_error_handler + /* xgettext:c-format */ + (_("error: %pB(%pA) section size (%#" PRIx64 " bytes) is larger than file size (%#" PRIx64 " bytes)"), + abfd, sec, (uint64_t) sz, (uint64_t) filesize); + return FALSE; + } p = (bfd_byte *) bfd_malloc (sz); if (p == NULL) { |