author | Nick Clifton <nickc@redhat.com> | 2015-02-06 12:19:20 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2015-02-06 12:19:20 +0000 |
commit | 8490fb409a37072389da7cafc3a92255e9a34c98 (patch) | |
tree | 65d8ca3d3c9ae47a3f6bbd2e77a27aecaef91ed5 /binutils | |
parent | 5929c344f957f93253efa4c3495a996789d48ae7 (diff) | |
Fix memory access violations triggered by processing fuzzed binaries with a 32-bit version of readelf, compiled on a 64-bit host.
PR binutils/17531
* dwarf.c (xcmalloc): Fail if the arguments are too big.
(xcrealloc): Likewise.
(xcalloc2): Likewise.
Diffstat (limited to 'binutils')
-rw-r--r-- | binutils/ChangeLog | 5 | ||||
-rw-r--r-- | binutils/dwarf.c | 21 |
2 files changed, 23 insertions, 3 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 6cd306a..9e682c1 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -4,6 +4,11 @@
 * dwarf.c (display_debug_frames): Fix range checks to work on 32-bit binaries complied on a 64-bit host.
+ PR binutils/17531
+ * dwarf.c (xcmalloc): Fail if the arguments are too big.
+ (xcrealloc): Likewise.
+ (xcalloc2): Likewise.
+
 2015-02-05 Alan Modra <amodra@gmail.com>
 PR binutils/17926
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 2edacb8..cebd8c9 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7217,7 +7217,12 @@ xcmalloc (size_t nmemb, size_t size)
 {
 /* Check for overflow. */
 if (nmemb >= ~(size_t) 0 / size)
- return NULL;
+ {
+ fprintf (stderr,
+ _("Attempt to allocate an array with an excessive number of elements: 0x%lx\n"),
+ (long) nmemb);
+ xexit (1);
+ }
 return xmalloc (nmemb * size);
 }
@@ -7230,7 +7235,12 @@ xcrealloc (void *ptr, size_t nmemb, size_t size)
 {
 /* Check for overflow. */
 if (nmemb >= ~(size_t) 0 / size)
- return NULL;
+ {
+ fprintf (stderr,
+ _("Attempt to re-allocate an array with an excessive number of elements: 0x%lx\n"),
+ (long) nmemb);
+ xexit (1);
+ }
 return xrealloc (ptr, nmemb * size);
 }
@@ -7241,7 +7251,12 @@ xcalloc2 (size_t nmemb, size_t size)
 {
 /* Check for overflow. */
 if (nmemb >= ~(size_t) 0 / size)
- return NULL;
+ {
+ fprintf (stderr,
+ _("Attempt to allocate a zero'ed array with an excessive number of elements: 0x%lx\n"),
+ (long) nmemb);
+ xexit (1);
+ }
 return xcalloc (nmemb, size);
 }
|
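Review bot: The overflow guard `nmemb >= ~(size_t) 0 / size` in xcmalloc divides by `size` before anything checks it, so a call with a size of 0 would hit a division by zero rather than the clean xexit path added here; the xcrealloc and xcalloc2 hunks have the same guard. The callers are outside the diff, so whether a zero size can be reached from file-derived data is not visible, but `if (size != 0 && nmemb >= ~(size_t) 0 / size)` closes it cheaply. The new diagnostics also pass `(long) nmemb` to `%lx`, which expects an unsigned long and loses the upper bits on hosts where long is narrower than size_t; `(unsigned long) nmemb` at least matches the specifier. The function signatures and header comments sit outside the hunks, and if those comments still describe a NULL return on overflow they should be updated to say the helpers now print a message and exit.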