aboutsummaryrefslogtreecommitdiff
path: root/binutils
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2015-02-06 12:19:20 +0000
committerNick Clifton <nickc@redhat.com>2015-02-06 12:19:20 +0000
commit8490fb409a37072389da7cafc3a92255e9a34c98 (patch)
tree65d8ca3d3c9ae47a3f6bbd2e77a27aecaef91ed5 /binutils
parent5929c344f957f93253efa4c3495a996789d48ae7 (diff)
downloadgdb-8490fb409a37072389da7cafc3a92255e9a34c98.zip
gdb-8490fb409a37072389da7cafc3a92255e9a34c98.tar.gz
gdb-8490fb409a37072389da7cafc3a92255e9a34c98.tar.bz2
Fix memory access violations triggered by processing fuzzed binaries with a 32-bit version of readelf, compiled on a 64-bit host.
PR binutils/17531 * dwarf.c (xcmalloc): Fail if the arguments are too big. (xcrealloc): Likewise. (xcalloc2): Likewise.
Diffstat (limited to 'binutils')
-rw-r--r--binutils/ChangeLog5
-rw-r--r--binutils/dwarf.c21
2 files changed, 23 insertions, 3 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 6cd306a..9e682c1 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -4,6 +4,11 @@
* dwarf.c (display_debug_frames): Fix range checks to work on
32-bit binaries complied on a 64-bit host.
+ PR binutils/17531
+ * dwarf.c (xcmalloc): Fail if the arguments are too big.
+ (xcrealloc): Likewise.
+ (xcalloc2): Likewise.
+
2015-02-05 Alan Modra <amodra@gmail.com>
PR binutils/17926
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 2edacb8..cebd8c9 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7217,7 +7217,12 @@ xcmalloc (size_t nmemb, size_t size)
{
/* Check for overflow. */
if (nmemb >= ~(size_t) 0 / size)
- return NULL;
+ {
+ fprintf (stderr,
+ _("Attempt to allocate an array with an excessive number of elements: 0x%lx\n"),
+ (long) nmemb);
+ xexit (1);
+ }
return xmalloc (nmemb * size);
}
@@ -7230,7 +7235,12 @@ xcrealloc (void *ptr, size_t nmemb, size_t size)
{
/* Check for overflow. */
if (nmemb >= ~(size_t) 0 / size)
- return NULL;
+ {
+ fprintf (stderr,
+ _("Attempt to re-allocate an array with an excessive number of elements: 0x%lx\n"),
+ (long) nmemb);
+ xexit (1);
+ }
return xrealloc (ptr, nmemb * size);
}
@@ -7241,7 +7251,12 @@ xcalloc2 (size_t nmemb, size_t size)
{
/* Check for overflow. */
if (nmemb >= ~(size_t) 0 / size)
- return NULL;
+ {
+ fprintf (stderr,
+ _("Attempt to allocate a zero'ed array with an excessive number of elements: 0x%lx\n"),
+ (long) nmemb);
+ xexit (1);
+ }
return xcalloc (nmemb, size);
}