From c20f6f63eda61348326a861a155716b8d9073307 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Mon, 7 Dec 2015 13:41:36 +1030 Subject: PR19323 memory allocation greater than 4G On 32-bit targets, memory requested for program/section headers on a fuzzed binary can wrap to 0. A bfd_alloc of zero bytes actually returns a one byte allocation rather than a NULL pointer. This then leads to buffer overflows. Making this check unconditional triggers an extremely annoying gcc-5 warning. PR19323 * elfcode.h (elf_object_p): Check for ridiculous e_shnum and e_phnum values. --- bfd/ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'bfd/ChangeLog') diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 0a92044..710b790 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,5 +1,11 @@ 2015-12-07 Alan Modra + PR19323 + * elfcode.h (elf_object_p): Check for ridiculous e_shnum and + e_phnum values. + +2015-12-07 Alan Modra + * reloc.c (BFD_RELOC_PPC64_ENTRY): New. * elf64-ppc.c (reloc_howto_type ppc64_elf_howto_raw): Add entry for R_PPC64_ENTRY. -- cgit v1.1
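Review bot: the new ChangeLog entry for elfcode.h (elf_object_p) describes the rejected e_shnum and e_phnum values only as "ridiculous", so a reader of bfd/ChangeLog cannot tell what bound is enforced or why. The commit message has the detail that matters: the header allocation size can wrap to 0 on 32-bit targets, a zero-byte bfd_alloc returns a one-byte allocation rather than NULL, and the check is not unconditional because that form triggers a gcc-5 warning. Suggest wording the entry along the lines of "Reject e_shnum and e_phnum values whose header allocation size would overflow", and noting that the check is conditional, so someone later auditing fuzzed-ELF handling does not assume it is applied in every build. This view is limited to bfd/ChangeLog, so the check itself is not visible here and needs to be reviewed against the elfcode.h part of the commit.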