diff options
| author | Nick Clifton <nickc@redhat.com> | 2017-11-01 15:21:46 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2017-11-01 15:21:46 +0000 |
| commit | a67d66eb97e7613a38ffe6622d837303b3ecd31d (patch) | |
| tree | 2f13e4423ca125efc505a5aead303fb7f81fe699 /bfd | |
| parent | e0115a844607b280449986e661f551dff49a9031 (diff) | |
| download | gdb-a67d66eb97e7613a38ffe6622d837303b3ecd31d.zip gdb-a67d66eb97e7613a38ffe6622d837303b3ecd31d.tar.gz gdb-a67d66eb97e7613a38ffe6622d837303b3ecd31d.tar.bz2 | |
Prevent illegal memory accesses when attempting to read excessively large COFF line number tables.
PR 22376
* coffcode.h (coff_slurp_line_table): Check for an excessively
large line number count.
Diffstat (limited to 'bfd')
| -rw-r--r-- | bfd/ChangeLog | 6 | ||||
| -rw-r--r-- | bfd/coffcode.h | 8 |
2 files changed, 14 insertions, 0 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 60fbc9c..35308ab 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,5 +1,11 @@ 2017-11-01 Nick Clifton <nickc@redhat.com> + PR 22376 + * coffcode.h (coff_slurp_line_table): Check for an excessively + large line number count. + +2017-11-01 Nick Clifton <nickc@redhat.com> + PR 22373 * peicode.h (pe_bfd_read_buildid): Revise check for invalid size and offset in light of further possible bogus values. diff --git a/bfd/coffcode.h b/bfd/coffcode.h index 21308de..6da0afa 100644 --- a/bfd/coffcode.h +++ b/bfd/coffcode.h @@ -4578,6 +4578,14 @@ coff_slurp_line_table (bfd *abfd, asection *asect) BFD_ASSERT (asect->lineno == NULL); + if (asect->lineno_count > asect->size) + { + _bfd_error_handler + (_("%B: warning: line number count (%#lx) exceeds section size (%#lx)"), + abfd, (unsigned long) asect->lineno_count, (unsigned long) asect->size); + return FALSE; + } + amt = ((bfd_size_type) asect->lineno_count + 1) * sizeof (alent); lineno_cache = (alent *) bfd_alloc (abfd, amt); if (lineno_cache == NULL) |