This is the mail archive of the
binutils-cvs@sourceware.org
mailing list for the binutils project.
[binutils-gdb] Prevent a memory exhaustion problem when trying to read in strings from a COFF binary with a corrupt
- From: Nick Clifton <nickc at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 28 Nov 2017 18:01:16 -0000
- Subject: [binutils-gdb] Prevent a memory exhaustion problem when trying to read in strings from a COFF binary with a corrupt
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c
commit b0029dce6867de1a2828293177b0e030d2f0f03c
Author: Nick Clifton <nickc@redhat.com>
Date: Tue Nov 28 18:00:29 2017 +0000
Prevent a memory exhaustion problem when trying to read in strings from a COFF binary with a corrupt string table size.
PR 22507
* coffgen.c (_bfd_coff_read_string_table): Check for an excessive
size of the external string table.
Diff:
---
bfd/ChangeLog | 6 ++++++
bfd/coffgen.c | 4 ++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 13ff8ad..e8d7563 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,11 @@
2017-11-28 Nick Clifton <nickc@redhat.com>
+ PR 22507
+ * coffgen.c (_bfd_coff_read_string_table): Check for an excessive
+ size of the external string table.
+
+2017-11-28 Nick Clifton <nickc@redhat.com>
+
PR 22506
* reloc.c (reloc_offset_in_range): Rename to
bfd_reloc_offset_in_range and export.
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index 81efd9b..7798dfc 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1718,7 +1718,7 @@ _bfd_coff_read_string_table (bfd *abfd)
#endif
}
- if (strsize < STRING_SIZE_SIZE)
+ if (strsize < STRING_SIZE_SIZE || strsize > bfd_get_file_size (abfd))
{
_bfd_error_handler
/* xgettext: c-format */
@@ -1726,7 +1726,7 @@ _bfd_coff_read_string_table (bfd *abfd)
bfd_set_error (bfd_error_bad_value);
return NULL;
}
-
+
strings = (char *) bfd_malloc (strsize + 1);
if (strings == NULL)
return NULL;