diff options
| author | Nick Clifton <nickc@redhat.com> | 2015-02-06 12:19:20 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2015-02-06 12:19:20 +0000 |
| commit | 8490fb409a37072389da7cafc3a92255e9a34c98 (patch) | |
| tree | 65d8ca3d3c9ae47a3f6bbd2e77a27aecaef91ed5 /binutils/dwarf.c | |
| parent | 5929c344f957f93253efa4c3495a996789d48ae7 (diff) | |
| download | gdb-8490fb409a37072389da7cafc3a92255e9a34c98.zip gdb-8490fb409a37072389da7cafc3a92255e9a34c98.tar.gz gdb-8490fb409a37072389da7cafc3a92255e9a34c98.tar.bz2 | |
Fix memory access violations triggered by processing fuzzed binaries with a 32-bit version of readelf, compiled on a 64-bit host.
PR binutils/17531
* dwarf.c (xcmalloc): Fail if the arguments are too big.
(xcrealloc): Likewise.
(xcalloc2): Likewise.
Diffstat (limited to 'binutils/dwarf.c')
| -rw-r--r-- | binutils/dwarf.c | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/binutils/dwarf.c b/binutils/dwarf.c index 2edacb8..cebd8c9 100644 --- a/binutils/dwarf.c +++ b/binutils/dwarf.c @@ -7217,7 +7217,12 @@ xcmalloc (size_t nmemb, size_t size) { /* Check for overflow. */ if (nmemb >= ~(size_t) 0 / size) - return NULL; + { + fprintf (stderr, + _("Attempt to allocate an array with an excessive number of elements: 0x%lx\n"), + (long) nmemb); + xexit (1); + } return xmalloc (nmemb * size); } @@ -7230,7 +7235,12 @@ xcrealloc (void *ptr, size_t nmemb, size_t size) { /* Check for overflow. */ if (nmemb >= ~(size_t) 0 / size) - return NULL; + { + fprintf (stderr, + _("Attempt to re-allocate an array with an excessive number of elements: 0x%lx\n"), + (long) nmemb); + xexit (1); + } return xrealloc (ptr, nmemb * size); } @@ -7241,7 +7251,12 @@ xcalloc2 (size_t nmemb, size_t size) { /* Check for overflow. */ if (nmemb >= ~(size_t) 0 / size) - return NULL; + { + fprintf (stderr, + _("Attempt to allocate a zero'ed array with an excessive number of elements: 0x%lx\n"), + (long) nmemb); + xexit (1); + } return xcalloc (nmemb, size); } |