aboutsummaryrefslogtreecommitdiff
path: root/bfd/elfcode.h
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2018-11-30 11:45:33 +0000
committerNick Clifton <nickc@redhat.com>2018-11-30 11:45:33 +0000
commit5f60af5d24d181371d67534fa273dd221df20c07 (patch)
treec5b15b6804f1c339e30a70826eeb2f073c51958b /bfd/elfcode.h
parentbeab453223769279cc1cef68a1622ab8978641f7 (diff)
downloadgdb-5f60af5d24d181371d67534fa273dd221df20c07.zip
gdb-5f60af5d24d181371d67534fa273dd221df20c07.tar.gz
gdb-5f60af5d24d181371d67534fa273dd221df20c07.tar.bz2
Fix a memory exhaustion bug when attempting to allocate room for an impossible number of program headers.
* elfcode.h (elf_object_p): Check for corrupt input files with more program headers than can actually fit in the file.
Diffstat (limited to 'bfd/elfcode.h')
-rw-r--r--bfd/elfcode.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/bfd/elfcode.h b/bfd/elfcode.h
index f224c8b..16ed8e5 100644
--- a/bfd/elfcode.h
+++ b/bfd/elfcode.h
@@ -784,6 +784,11 @@ elf_object_p (bfd *abfd)
if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr))
goto got_wrong_format_error;
#endif
+ /* Check for a corrupt input file with an impossibly large number
+ of program headers. */
+ if (bfd_get_file_size (abfd) > 0
+ && i_ehdrp->e_phnum > bfd_get_file_size (abfd))
+ goto got_no_match;
amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr);
elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt);
if (elf_tdata (abfd)->phdr == NULL)