aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakub Jelinek <jakub@redhat.com>2005-06-14 11:04:22 +0000
committerJakub Jelinek <jakub@redhat.com>2005-06-14 11:04:22 +0000
commit933d961a3c097d7cb4864314df714abacc9b234e (patch)
tree3bf6884f1ce34075ad32569a4ee5f0d8b755f674
parent58b9a773e18e18e7ff086f6f6ff36837d0cc9537 (diff)
downloadgdb-933d961a3c097d7cb4864314df714abacc9b234e.zip
gdb-933d961a3c097d7cb4864314df714abacc9b234e.tar.gz
gdb-933d961a3c097d7cb4864314df714abacc9b234e.tar.bz2
* elf.c (bfd_section_from_shdr): Fail if name is NULL.
Prevent endless recursion on broken objects. * archive.c (do_slurp_coff_armap): Check for overflows.
-rw-r--r--bfd/ChangeLog7
-rw-r--r--bfd/archive.c6
-rw-r--r--bfd/elf.c9
3 files changed, 22 insertions, 0 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 9124020..3de7087 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2005-06-14 Jakub Jelinek <jakub@redhat.com>
+
+ * elf.c (bfd_section_from_shdr): Fail if name is NULL.
+ Prevent endless recursion on broken objects.
+
+ * archive.c (do_slurp_coff_armap): Check for overflows.
+
2005-06-10 Daniel Jacobowitz <dan@codesourcery.com>
* elfcode.h (elf_write_relocs): Do nothing if there are no
diff --git a/bfd/archive.c b/bfd/archive.c
index 7dfe6b6..ce6a332 100644
--- a/bfd/archive.c
+++ b/bfd/archive.c
@@ -821,9 +821,15 @@ do_slurp_coff_armap (bfd *abfd)
/* The coff armap must be read sequentially. So we construct a
bsd-style one in core all at once, for simplicity. */
+ if (nsymz > ~ (bfd_size_type) 0 / sizeof (carsym))
+ return FALSE;
+
carsym_size = (nsymz * sizeof (carsym));
ptrsize = (4 * nsymz);
+ if (carsym_size + stringsize + 1 <= carsym_size)
+ return FALSE;
+
ardata->symdefs = bfd_zalloc (abfd, carsym_size + stringsize + 1);
if (ardata->symdefs == NULL)
return FALSE;
diff --git a/bfd/elf.c b/bfd/elf.c
index 189e099..5d4e1a3 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -1752,6 +1752,8 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex)
name = bfd_elf_string_from_elf_section (abfd,
elf_elfheader (abfd)->e_shstrndx,
hdr->sh_name);
+ if (name == NULL)
+ return FALSE;
switch (hdr->sh_type)
{
@@ -1922,6 +1924,9 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex)
Elf_Internal_Shdr *hdr2 = elf_elfsections (abfd)[i];
if (hdr2->sh_link == shindex)
{
+ /* Prevent endless recursion on broken objects. */
+ if (i == shindex)
+ return FALSE;
if (! bfd_section_from_shdr (abfd, i))
return FALSE;
if (elf_onesymtab (abfd) == i)
@@ -1999,6 +2004,10 @@ bfd_section_from_shdr (bfd *abfd, unsigned int shindex)
return _bfd_elf_make_section_from_shdr (abfd, hdr, name,
shindex);
+ /* Prevent endless recursion on broken objects. */
+ if (elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_REL
+ || elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_RELA)
+ return FALSE;
if (! bfd_section_from_shdr (abfd, hdr->sh_info))
return FALSE;
target_sect = bfd_section_from_elf_index (abfd, hdr->sh_info);