authorNick Clifton <nickc@redhat.com>2019-03-19 13:39:30 +0000
committerNick Clifton <nickc@redhat.com>2019-03-19 13:39:30 +0000
commit634557801d909982b47b1723f4216ebe8bc784aa (patch)
treea336984f54bec19fd0bb6d7e9b0257bbae195acf /binutils/objdump.c
parent392a59728b7286d5fd1a1c377de3c40334bbb36f (diff)
Prevent an illegal memory access by objdump when parsing a corrupt file on a 32-bit host.
PR 24360 * objdump.c (load_specific_debug_section): Check that the amount of memory to be allocated matches the size of the section.
Diffstat (limited to 'binutils/objdump.c')
-rw-r--r--binutils/objdump.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/binutils/objdump.c b/binutils/objdump.c
index 3ef2716..79aed75 100644
--- a/binutils/objdump.c
+++ b/binutils/objdump.c
@@ -382,10 +382,10 @@ nonfatal (const char *msg)
static const char *
sanitize_string (const char * in)
{
- static char * buffer = NULL;
- static unsigned int buffer_len = 0;
- const char * original = in;
- char * out;
+ static char * buffer = NULL;
+ static size_t buffer_len = 0;
+ const char * original = in;
+ char * out;
/* Paranoia. */
if (in == NULL)
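Review bot: The widening of `buffer_len` from `unsigned int` to `size_t` is not covered by the commit description, which names only load_specific_debug_section. The ChangeLog entry should gain a line such as `(sanitize_string): Use size_t for buffer_len.` so the reason for the wider type is recorded. The other changed lines in this hunk appear to be whitespace realignment of the declarations. The code that computes and compares the length lies outside the hunk, so it cannot be checked here whether anything else in the function still uses `unsigned int`.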
@@ -2679,6 +2679,7 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
bfd *abfd = (bfd *) file;
bfd_byte *contents;
bfd_size_type amt;
+ size_t alloced;
if (section->start != NULL)
{
@@ -2694,8 +2695,9 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
section->address = bfd_get_section_vma (abfd, sec);
section->user_data = sec;
section->size = bfd_get_section_size (sec);
- amt = section->size + 1;
- if (amt == 0)
+ /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
+ alloced = amt = section->size + 1;
+ if (alloced != amt || alloced == 0)
{
section->start = NULL;
free_debug_section (debug);
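Review bot: The chained assignment `alloced = amt = section->size + 1;` hides the narrowing conversion that the following test depends on, and the comment states a host property without saying what the test detects. Splitting it into `amt = section->size + 1;` and `alloced = (size_t) amt;` would make the narrowing visible. The comment could then read `/* PR 24360: amt may not fit in size_t on a 32-bit host; reject a truncated or wrapped size. */`. That spells out both cases: `alloced != amt` catches truncation and `alloced == 0` catches `section->size + 1` wrapping to zero. The enclosing function starts and ends outside the hunk.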
@@ -2704,7 +2706,7 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
(unsigned long long) section->size);
return FALSE;
}
- section->start = contents = malloc (amt);
+ section->start = contents = malloc (alloced);
if (section->start == NULL
|| !bfd_get_full_section_contents (abfd, sec, &contents))
{
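Review bot: The size passed to `malloc (alloced)` is still whatever the section header claims, so a corrupt file whose claimed size fits in size_t can request an allocation far larger than the input itself. The NULL check on the next line handles an outright allocation failure, but a bound against the file size before allocating (BFD provides `bfd_get_file_size`) would reject such sections earlier. Compressed debug sections can legitimately be larger than the file, so the bound would have to allow for them. Whether `bfd_get_full_section_contents` already performs such a check is not visible here, and the function continues past the end of the hunk.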