diff options
| author | Alan Modra <amodra@gmail.com> | 2018-09-20 15:29:17 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2018-09-20 15:33:45 +0930 |
| commit | 30838132997e6a3cfe3ec11c58b32b22f6f6b102 (patch) | |
| tree | d27a866fa48412d72a717c31871b18ed4ebbf824 /bfd/dwarf2.c | |
| parent | 4ee9b0c53a8055b869dfe424846bc00eb0cd0c8f (diff) | |
| download | gdb-30838132997e6a3cfe3ec11c58b32b22f6f6b102.zip gdb-30838132997e6a3cfe3ec11c58b32b22f6f6b102.tar.gz gdb-30838132997e6a3cfe3ec11c58b32b22f6f6b102.tar.bz2 | |
Bug 23686, two segment faults in nm
Fixes the bugs exposed by the testcases in the PR, plus two more bugs
I noticed when looking at _bfd_stab_section_find_nearest_line.
PR 23686
* dwarf2.c (read_section): Error when attempting to malloc
"(bfd_size_type) -1".
* syms.c (_bfd_stab_section_find_nearest_line): Bounds check
function_name. Bounds check reloc address. Formatting. Ensure
.stabstr zero terminated.
Diffstat (limited to 'bfd/dwarf2.c')
| -rw-r--r-- | bfd/dwarf2.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c index 3b28855..77a7368 100644 --- a/bfd/dwarf2.c +++ b/bfd/dwarf2.c @@ -527,6 +527,7 @@ read_section (bfd * abfd, asection *msec; const char *section_name = sec->uncompressed_name; bfd_byte *contents = *section_buffer; + bfd_size_type amt; /* The section may have already been read. */ if (contents == NULL) @@ -549,7 +550,13 @@ read_section (bfd * abfd, *section_size = msec->rawsize ? msec->rawsize : msec->size; /* Paranoia - alloc one extra so that we can make sure a string section is NUL terminated. */ - contents = (bfd_byte *) bfd_malloc (*section_size + 1); + amt = *section_size + 1; + if (amt == 0) + { + bfd_set_error (bfd_error_no_memory); + return FALSE; + } + contents = (bfd_byte *) bfd_malloc (amt); if (contents == NULL) return FALSE; if (syms |