diff options
| author | Alan Modra <amodra@gmail.com> | 2018-01-25 21:47:41 +1030 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2018-01-25 22:05:10 +1030 |
| commit | 38e64b0ecc7f4ee64a02514b8d532782ac057fa2 (patch) | |
| tree | 809083d413de8ca6e26a3e2b3a23faac60879baf | |
| parent | bb363086e7743506d78bc6b1e56face0fb1fc93f (diff) | |
| download | gdb-38e64b0ecc7f4ee64a02514b8d532782ac057fa2.zip gdb-38e64b0ecc7f4ee64a02514b8d532782ac057fa2.tar.gz gdb-38e64b0ecc7f4ee64a02514b8d532782ac057fa2.tar.bz2 | |
PR22746, crash when running 32-bit objdump on corrupted file
Avoid unsigned int overflow by performing bfd_size_type multiplication.
PR 22746
* elfcode.h (elf_object_p): Avoid integer overflow.
| -rw-r--r-- | bfd/ChangeLog | 5 | ||||
| -rw-r--r-- | bfd/elfcode.h | 4 |
2 files changed, 7 insertions, 2 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index ba9074e..ba377ab 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2018-01-25 Alan Modra <amodra@gmail.com> + + PR 22746 + * elfcode.h (elf_object_p): Avoid integer overflow. + 2018-01-25 Eric Botcazou <ebotcazou@adacore.com> PR ld/22727 diff --git a/bfd/elfcode.h b/bfd/elfcode.h index 00a9001..ea1388d 100644 --- a/bfd/elfcode.h +++ b/bfd/elfcode.h @@ -680,7 +680,7 @@ elf_object_p (bfd *abfd) if (i_ehdrp->e_shnum > ((bfd_size_type) -1) / sizeof (*i_shdrp)) goto got_wrong_format_error; #endif - amt = sizeof (*i_shdrp) * i_ehdrp->e_shnum; + amt = sizeof (*i_shdrp) * (bfd_size_type) i_ehdrp->e_shnum; i_shdrp = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt); if (!i_shdrp) goto got_no_match; @@ -776,7 +776,7 @@ elf_object_p (bfd *abfd) if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr)) goto got_wrong_format_error; #endif - amt = i_ehdrp->e_phnum * sizeof (*i_phdr); + amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr); elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt); if (elf_tdata (abfd)->phdr == NULL) goto got_no_match; |