authorAlan Modra <amodra@gmail.com>2020-08-05 10:03:00 +0930
committerAlan Modra <amodra@gmail.com>2020-08-05 10:34:05 +0930
commit0b97e818464a42305c8243a980a5c13967554fd9 (patch)
treeab9e326ba16cecab9599dc2ddc96ebdcc7ae86fd
parentb7563b2492962421e1795e2eca61beffbb45e08d (diff)
PR26337, Malloc size error in objdump
A malloc failure triggered by a fuzzed object file isn't a real problem unless objdump doesn't exit cleanly after the failure, which it does. However we have bfd_malloc_and_get_section to sanity check size of uncompressed sections before allocating memory. Use it. PR 26337 * objdump.c (load_specific_debug_section): Don't malloc space for section contents, use bfd_malloc_and_get_section.
-rw-r--r--binutils/ChangeLog6
-rw-r--r--binutils/objdump.c7
2 files changed, 9 insertions, 4 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index acd04df..a924ae2 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2020-08-05 Alan Modra <amodra@gmail.com>
+
+ PR 26337
+ * objdump.c (load_specific_debug_section): Don't malloc space for
+ section contents, use bfd_malloc_and_get_section.
+
2020-07-30 Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE>
* Makefile.am (AM_CPPFLAGS): Add LARGEFILE_CPPFLAGS.
diff --git a/binutils/objdump.c b/binutils/objdump.c
index 79ef051..1b48cd3 100644
--- a/binutils/objdump.c
+++ b/binutils/objdump.c
@@ -3545,6 +3545,7 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
if (streq (section->filename, bfd_get_filename (abfd)))
return TRUE;
free (section->start);
+ section->start = NULL;
}
section->filename = bfd_get_filename (abfd);
@@ -3557,22 +3558,20 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
alloced = amt = section->size + 1;
if (alloced != amt || alloced == 0)
{
- section->start = NULL;
free_debug_section (debug);
printf (_("\nSection '%s' has an invalid size: %#llx.\n"),
sanitize_string (section->name),
(unsigned long long) section->size);
return FALSE;
}
- section->start = contents = malloc (alloced);
- if (section->start == NULL
- || !bfd_get_full_section_contents (abfd, sec, &contents))
+ if (!bfd_malloc_and_get_section (abfd, sec, &contents))
{
free_debug_section (debug);
printf (_("\nCan't get contents for section '%s'.\n"),
sanitize_string (section->name));
return FALSE;
}
+ section->start = contents;
/* Ensure any string section has a terminating NUL. */
section->start[section->size] = 0;
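Review bot: The terminator store `section->start[section->size] = 0;` on the last line of this hunk needs a buffer of `section->size + 1` bytes, which the removed `malloc (alloced)` guaranteed and the new `bfd_malloc_and_get_section (abfd, sec, &contents)` call does not visibly guarantee, since it is given no size. The helper's allocation is not shown here; if it allocates exactly the section size, the store becomes a one-byte heap write past the end of the buffer, on the fuzzed input the commit message describes. Either confirm that the helper reserves the extra byte and record it in a comment such as `/* bfd_malloc_and_get_section leaves room for the NUL written below. */`, or grow the returned buffer to `alloced` bytes before the store. After this change `alloced` serves only as the overflow check, which is worth a short comment too. The body of load_specific_debug_section starts and continues outside the hunk.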