diff options
author | Alan Modra <amodra@gmail.com> | 2020-02-19 13:22:39 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2020-02-19 14:00:55 +1030 |
commit | 2c7c5554df19e410ea3a7d78b0c1435967a4bc62 (patch) | |
tree | ef0005f480637a4a474d1b23ff632caae8bf129c /bfd/libbfd.h | |
parent | 2bb3687ba8720558082d1575823868286d7916b5 (diff) | |
download | gdb-2c7c5554df19e410ea3a7d78b0c1435967a4bc62.zip gdb-2c7c5554df19e410ea3a7d78b0c1435967a4bc62.tar.gz gdb-2c7c5554df19e410ea3a7d78b0c1435967a4bc62.tar.bz2 |
file size check in _bfd_alloc_and_read
* coffgen.c (_bfd_coff_get_external_symbols): Remove file size check.
* elf.c (bfd_elf_get_str_section): Likewise.
(_bfd_elf_slurp_version_tables): Likewise.
* libbfd-in.h (_bfd_constant_p): Define.
(_bfd_alloc_and_read, _bfd_malloc_and_read): Check read size against
file size before allocating memory.
* libbfd.h: Regenerate.
Diffstat (limited to 'bfd/libbfd.h')
-rw-r--r-- | bfd/libbfd.h | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/bfd/libbfd.h b/bfd/libbfd.h index 77c6630..2391500 100644 --- a/bfd/libbfd.h +++ b/bfd/libbfd.h @@ -909,10 +909,26 @@ extern bfd_vma _bfd_safe_read_leb128 ((*res) = (a), (*res) *= (b), (b) != 0 && (*res) / (b) != (a)) #endif +#ifdef __GNUC__ +#define _bfd_constant_p(v) __builtin_constant_p (v) +#else +#define _bfd_constant_p(v) 0 +#endif + static inline bfd_byte * _bfd_alloc_and_read (bfd *abfd, bfd_size_type asize, bfd_size_type rsize) { - bfd_byte *mem = bfd_alloc (abfd, asize); + bfd_byte *mem; + if (!_bfd_constant_p (rsize)) + { + ufile_ptr filesize = bfd_get_file_size (abfd); + if (filesize != 0 && rsize > filesize) + { + bfd_set_error (bfd_error_file_truncated); + return NULL; + } + } + mem = bfd_alloc (abfd, asize); if (mem != NULL) { if (bfd_bread (mem, rsize, abfd) == rsize) @@ -925,7 +941,17 @@ _bfd_alloc_and_read (bfd *abfd, bfd_size_type asize, bfd_size_type rsize) static inline bfd_byte * _bfd_malloc_and_read (bfd *abfd, bfd_size_type asize, bfd_size_type rsize) { - bfd_byte *mem = bfd_malloc (asize); + bfd_byte *mem; + if (!_bfd_constant_p (rsize)) + { + ufile_ptr filesize = bfd_get_file_size (abfd); + if (filesize != 0 && rsize > filesize) + { + bfd_set_error (bfd_error_file_truncated); + return NULL; + } + } + mem = bfd_malloc (asize); if (mem != NULL) { if (bfd_bread (mem, rsize, abfd) == rsize) |