diff options
author | Nick Clifton <nickc@redhat.com> | 2019-03-19 13:39:30 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2019-03-19 13:39:30 +0000 |
commit | 634557801d909982b47b1723f4216ebe8bc784aa (patch) | |
tree | a336984f54bec19fd0bb6d7e9b0257bbae195acf /binutils/objdump.c | |
parent | 392a59728b7286d5fd1a1c377de3c40334bbb36f (diff) | |
download | gdb-634557801d909982b47b1723f4216ebe8bc784aa.zip gdb-634557801d909982b47b1723f4216ebe8bc784aa.tar.gz gdb-634557801d909982b47b1723f4216ebe8bc784aa.tar.bz2 |
Prevent an illegal memory access by objdump when parsing a corrupt file on a 32-bit host.
PR 24360
* objdump.c (load_specific_debug_section): Check that the amount
of memory to be allocated matches the size of the section.
Diffstat (limited to 'binutils/objdump.c')
-rw-r--r-- | binutils/objdump.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/binutils/objdump.c b/binutils/objdump.c index 3ef2716..79aed75 100644 --- a/binutils/objdump.c +++ b/binutils/objdump.c @@ -382,10 +382,10 @@ nonfatal (const char *msg) static const char * sanitize_string (const char * in) { - static char * buffer = NULL; - static unsigned int buffer_len = 0; - const char * original = in; - char * out; + static char * buffer = NULL; + static size_t buffer_len = 0; + const char * original = in; + char * out; /* Paranoia. */ if (in == NULL) @@ -2679,6 +2679,7 @@ load_specific_debug_section (enum dwarf_section_display_enum debug, bfd *abfd = (bfd *) file; bfd_byte *contents; bfd_size_type amt; + size_t alloced; if (section->start != NULL) { @@ -2694,8 +2695,9 @@ load_specific_debug_section (enum dwarf_section_display_enum debug, section->address = bfd_get_section_vma (abfd, sec); section->user_data = sec; section->size = bfd_get_section_size (sec); - amt = section->size + 1; - if (amt == 0) + /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */ + alloced = amt = section->size + 1; + if (alloced != amt || alloced == 0) { section->start = NULL; free_debug_section (debug); @@ -2704,7 +2706,7 @@ load_specific_debug_section (enum dwarf_section_display_enum debug, (unsigned long long) section->size); return FALSE; } - section->start = contents = malloc (amt); + section->start = contents = malloc (alloced); if (section->start == NULL || !bfd_get_full_section_contents (abfd, sec, &contents)) { |