This is the mail archive of the
binutils-cvs@sourceware.org
mailing list for the binutils project.
[binutils-gdb] Fix a memory exhaustion bug when attempting to allocate room for an impossible number of program hea
- From: Nick Clifton <nickc at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 30 Nov 2018 11:46:27 -0000
- Subject: [binutils-gdb] Fix a memory exhaustion bug when attempting to allocate room for an impossible number of program hea
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f60af5d24d181371d67534fa273dd221df20c07
commit 5f60af5d24d181371d67534fa273dd221df20c07
Author: Nick Clifton <nickc@redhat.com>
Date: Fri Nov 30 11:45:33 2018 +0000
Fix a memory exhaustion bug when attempting to allocate room for an impossible number of program headers.
* elfcode.h (elf_object_p): Check for corrupt input files with
more program headers than can actually fit in the file.
Diff:
---
bfd/ChangeLog | 5 +++++
bfd/elfcode.h | 5 +++++
2 files changed, 10 insertions(+)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 6ea4835..f99b085 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,10 @@
2018-11-30 Nick Clifton <nickc@redhat.com>
+ * elfcode.h (elf_object_p): Check for corrupt input files with
+ more program headers than can actually fit in the file.
+
+2018-11-30 Nick Clifton <nickc@redhat.com>
+
PR 23932
* elf.c (IS_CONTAINED_BY_LMA): Add a check for a negative section
size.
diff --git a/bfd/elfcode.h b/bfd/elfcode.h
index f224c8b..16ed8e5 100644
--- a/bfd/elfcode.h
+++ b/bfd/elfcode.h
@@ -784,6 +784,11 @@ elf_object_p (bfd *abfd)
if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr))
goto got_wrong_format_error;
#endif
+ /* Check for a corrupt input file with an impossibly large number
+ of program headers. */
+ if (bfd_get_file_size (abfd) > 0
+ && i_ehdrp->e_phnum > bfd_get_file_size (abfd))
+ goto got_no_match;
amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr);
elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt);
if (elf_tdata (abfd)->phdr == NULL)