author	Alan Modra <amodra@gmail.com>	2014-11-11 21:36:37 +1030
committer	Alan Modra <amodra@gmail.com>	2014-11-11 22:13:57 +1030
commit	fcfa62408aec326a54765a6fd8895349fb41eb7c (patch)
tree	2f47949b913aad30e85ace57be1e897fcd4a9b6b /bfd/ChangeLog
parent	4de1599bcf044a5396ec588f90b8f475be657d4f (diff)
Avoid coff OOM
bfd_zalloc/bfd_zmalloc to fix uninitialized memory reads is too big a hammer when the size allocated depends on user input. A typical bfd_alloc, bfd_seek, bfd_bread sequence will give an error or warning at the point the file read fails when some enormous item as described by headers is not actually present in the file. Nice operating systems allow memory overcommit. But not if you write to the memory. So bfd_zalloc can cause an OOM, thrashing, or system hangs. The patch also fixes a recently introduced endless loop on bad input.

	PR binutils/17512
	* coffcode.h (coff_slurp_line_table): Don't bfd_zalloc, just
	memset the particular bits we need. Update src after hitting loop
	"continue". Don't count lineno omitted due to invalid symbols in
	nbr_func, and update lineno_count. Init entire terminating
	lineno. Don't bother allocating terminator in n_lineno_cache.
	Redirect sym->lineno pointer to where n_lineno_cache will be
	copied, and free n_lineno_cache.
	* pe-mips.c (NUM_HOWTOS): Typo fix.
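As an added illustration of the alloc / read / fail sequence the commit message prefers over zero-allocating a header-derived size (example code, not bfd's own): a minimal COFF-style line-table reader that never writes to the big buffer before the read proves the data exists, assigns only the fields it uses, and fully initializes the terminator. The 6-byte record layout, the memfile stand-in for bfd_seek/bfd_bread, and the sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Illustrative reader, not bfd's code: nothing is written to the header-sized
   buffer until the read succeeds, so an oversized count costs no memory pages. */
#define LINESZ 6  /* assumed on-disk record: 4-byte addr or symndx, 2-byte line number */
typedef struct { uint32_t u; uint16_t line; } lineno_t;
typedef struct { const unsigned char *data; size_t size, pos; } memfile;  /* in-memory file */

static size_t mem_bread(void *dst, size_t n, memfile *f) {
  size_t avail = f->size - f->pos;
  if (n > avail) n = avail;              /* short read: file ends before the header says */
  memcpy(dst, f->data + f->pos, n);
  f->pos += n;
  return n;
}

/* count comes from the header (untrusted).  Returns count records plus a fully
   zeroed terminator, or NULL on short read / allocation failure.  */
lineno_t *slurp_line_table(memfile *f, uint32_t count, size_t *nread) {
  if (count > SIZE_MAX / LINESZ - 1) return NULL;       /* size arithmetic would overflow */
  size_t raw_sz = (size_t)count * LINESZ;
  unsigned char *raw = malloc(raw_sz ? raw_sz : 1);    /* plain alloc: pages untouched */
  if (raw == NULL) return NULL;
  if (mem_bread(raw, raw_sz, f) != raw_sz) { free(raw); return NULL; }  /* header lied */
  lineno_t *cache = malloc(((size_t)count + 1) * sizeof *cache);
  if (cache == NULL) { free(raw); return NULL; }
  for (size_t i = 0; i < count; i++) {                  /* assign every field we use... */
    const unsigned char *p = raw + i * LINESZ;
    cache[i].u = (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    cache[i].line = (uint16_t)(p[4] | p[5] << 8);
  }
  memset(&cache[count], 0, sizeof cache[count]);       /* ...and init the entire terminator */
  free(raw);
  *nread = count;
  return cache;
}

/* Constructed sample file: two records, (0x10, line 42) and (0x20, line 43). */
static const unsigned char sample[] = { 0x10,0,0,0, 42,0, 0x20,0,0,0, 43,0 };

/* Honest header: returns the second record's line (43) once the zero terminator is present. */
int demo_good(void) {
  memfile f = { sample, sizeof sample, 0 }; size_t n;
  lineno_t *t = slurp_line_table(&f, 2, &n);
  int r = (t && n == 2 && t[2].u == 0 && t[2].line == 0) ? t[1].line : -1;
  free(t); return r;
}

/* Lying header: claims 1000 records, file has 12 bytes; rejected at the read, returns 1. */
int demo_truncated(void) {
  memfile f = { sample, sizeof sample, 0 }; size_t n;
  return slurp_line_table(&f, 1000, &n) == NULL;
}
```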
Diffstat (limited to 'bfd/ChangeLog')
-rw-r--r--	bfd/ChangeLog	12
1 files changed, 12 insertions, 0 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 72b6ceb..afbbc26 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,17 @@
2014-11-11 Alan Modra <amodra@gmail.com>
+ PR binutils/17512
+ * coffcode.h (coff_slurp_line_table): Don't bfd_zalloc, just
+ memset the particular bits we need. Update src after hitting loop
+ "continue". Don't count lineno omitted due to invalid symbols in
+ nbr_func, and update lineno_count. Init entire terminating
+ lineno. Don't both allocating terminator in n_lineno_cache.
+ Redirect sym->lineno pointer to where n_lineno_cache will be
+ copied, and free n_lineno_cache.
+ * pe-mips.c (NUM_HOWTOS): Typo fix.
+
+2014-11-11 Alan Modra <amodra@gmail.com>
+
* elf-eh-frame.c (_bfd_elf_write_section_eh_frame): Adjust section
size check to account for possible zero terminator.
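Review bot: typo in the coffcode.h entry of this hunk, "Don't both allocating terminator in n_lineno_cache" should read "Don't bother allocating terminator in n_lineno_cache"; the same wording appears in the commit message, so both should be corrected together before the entry is committed.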