Avoid allocating over-large buffers when parsing corrupt binaries.

PR binutils/17512 * coffgen.c (_bfd_coff_get_external_symbols): Do not try to load a symbol table bigger than the file. * elf.c (bfd_elf_get_str_section): Do not try to load a string table bigger than the file. * readelf.c (process_program_headers): Avoid memory exhaustion due to corrupt values in a dynamis segment header. (get_32bit_elf_symbols): Do not attempt to read an over-large section. (get_64bit_elf_symbols): Likewise.
author: Nick Clifton <nickc@redhat.com> 2014-10-31 16:36:31 +0000
committer: Nick Clifton <nickc@redhat.com> 2014-10-31 16:36:31 +0000
commit: f54498b45795194df671207c6ef3d6cd6d0c0ebb (patch)
tree: 940ab0d69864094f00b010c1c678f3701bb6087f /bfd/coffgen.c
parent: fe06005387223e8a8b37e49036efe06b4062c7f4 (diff)
download: gdb-f54498b45795194df671207c6ef3d6cd6d0c0ebb.zip
gdb-f54498b45795194df671207c6ef3d6cd6d0c0ebb.tar.gz
gdb-f54498b45795194df671207c6ef3d6cd6d0c0ebb.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index a1a0325..f18ddab 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1616,6 +1616,11 @@ _bfd_coff_get_external_symbols (bfd *abfd)
   if (size == 0)
     return TRUE;
 
+  /* PR binutils/17512: Do not even try to load
+     a symbol table bigger than the entire file...  */
+  if (size >= (bfd_size_type) bfd_get_size (abfd))
+    return FALSE;
+
   syms = bfd_malloc (size);
   if (syms == NULL)
     return FALSE;
author	Nick Clifton <nickc@redhat.com>	2014-10-31 16:36:31 +0000
committer	Nick Clifton <nickc@redhat.com>	2014-10-31 16:36:31 +0000
commit	f54498b45795194df671207c6ef3d6cd6d0c0ebb (patch)
tree	940ab0d69864094f00b010c1c678f3701bb6087f /bfd/coffgen.c
parent	fe06005387223e8a8b37e49036efe06b4062c7f4 (diff)
download	gdb-f54498b45795194df671207c6ef3d6cd6d0c0ebb.zip gdb-f54498b45795194df671207c6ef3d6cd6d0c0ebb.tar.gz gdb-f54498b45795194df671207c6ef3d6cd6d0c0ebb.tar.bz2