diff options
| author | H.J. Lu <hjl.tools@gmail.com> | 2021-11-04 06:27:16 -0700 |
|---|---|---|
| committer | H.J. Lu <hjl.tools@gmail.com> | 2021-11-04 06:57:32 -0700 |
| commit | e0f7ea91436dd308a094c4c101fd4169e8245a91 (patch) | |
| tree | 9ba4e0886bf3f47f8e982670557d62b9647c5686 /bfd | |
| parent | edc77c591add0a9c7740a9ed9f7e40358bf65dbf (diff) | |
| download | gdb-e0f7ea91436dd308a094c4c101fd4169e8245a91.zip gdb-e0f7ea91436dd308a094c4c101fd4169e8245a91.tar.gz gdb-e0f7ea91436dd308a094c4c101fd4169e8245a91.tar.bz2 | |
bfd: Always check sections with the corrupt size
Always check sections with the corrupt size for non-MMO files. Skip MMO
files for compress_status == COMPRESS_SECTION_NONE since MMO has special
handling for COMPRESS_SECTION_NONE.
PR binutils/28530
* compress.c (bfd_get_full_section_contents): Always check
sections with the corrupt size.
Diffstat (limited to 'bfd')
| -rw-r--r-- | bfd/compress.c | 50 |
1 files changed, 27 insertions, 23 deletions
diff --git a/bfd/compress.c b/bfd/compress.c index 4a2ada3..a3adb8d 100644 --- a/bfd/compress.c +++ b/bfd/compress.c @@ -232,6 +232,7 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr) bfd_size_type save_rawsize; bfd_byte *compressed_buffer; unsigned int compression_header_size; + ufile_ptr filesize; if (abfd->direction != write_direction && sec->rawsize != 0) sz = sec->rawsize; @@ -243,34 +244,37 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr) return true; } + filesize = bfd_get_file_size (abfd); + if (filesize > 0 + && filesize < sz + /* PR 24753: Linker created sections can be larger than + the file size, eg if they are being used to hold stubs. */ + && (bfd_section_flags (sec) & SEC_LINKER_CREATED) == 0 + /* PR 24753: Sections which have no content should also be + excluded as they contain no size on disk. */ + && (bfd_section_flags (sec) & SEC_HAS_CONTENTS) != 0 + /* PR 28530: Check compressed sections with the corrupt size. */ + && (sec->compress_status != COMPRESS_SECTION_NONE + /* The MMO file format supports its own special compression + technique, but it uses COMPRESS_SECTION_NONE when loading + a section's contents. */ + || bfd_get_flavour (abfd) != bfd_target_mmo_flavour)) + { + /* PR 24708: Avoid attempts to allocate a ridiculous amount + of memory. */ + bfd_set_error (bfd_error_file_truncated); + _bfd_error_handler + /* xgettext:c-format */ + (_("error: %pB(%pA) section size (%#" PRIx64 " bytes) is larger than file size (%#" PRIx64 " bytes)"), + abfd, sec, (uint64_t) sz, (uint64_t) filesize); + return false; + } + switch (sec->compress_status) { case COMPRESS_SECTION_NONE: if (p == NULL) { - ufile_ptr filesize = bfd_get_file_size (abfd); - if (filesize > 0 - && filesize < sz - /* PR 24753: Linker created sections can be larger than - the file size, eg if they are being used to hold stubs. */ - && (bfd_section_flags (sec) & SEC_LINKER_CREATED) == 0 - /* PR 24753: Sections which have no content should also be - excluded as they contain no size on disk. */ - && (bfd_section_flags (sec) & SEC_HAS_CONTENTS) != 0 - /* The MMO file format supports its own special compression - technique, but it uses COMPRESS_SECTION_NONE when loading - a section's contents. */ - && bfd_get_flavour (abfd) != bfd_target_mmo_flavour) - { - /* PR 24708: Avoid attempts to allocate a ridiculous amount - of memory. */ - bfd_set_error (bfd_error_file_truncated); - _bfd_error_handler - /* xgettext:c-format */ - (_("error: %pB(%pA) section size (%#" PRIx64 " bytes) is larger than file size (%#" PRIx64 " bytes)"), - abfd, sec, (uint64_t) sz, (uint64_t) filesize); - return false; - } p = (bfd_byte *) bfd_malloc (sz); if (p == NULL) { |