View | Details | Raw Unified | Return to bug 22809
Collapse All | Expand All

(-)a/bfd/elf-attrs.c (+8 lines)
Lines 438-443 _bfd_elf_parse_attributes (bfd *abfd, Elf_Internal_Shdr * hdr) Link Here
438
  /* PR 17512: file: 2844a11d.  */
438
  /* PR 17512: file: 2844a11d.  */
439
  if (hdr->sh_size == 0)
439
  if (hdr->sh_size == 0)
440
    return;
440
    return;
441
  if (hdr->sh_size > bfd_get_file_size (abfd))
442
    {
443
      _bfd_error_handler (_("%B: error: attribute section '%A' too big: %#llx"),
444
			  abfd, hdr->bfd_section, (long long) hdr->sh_size);
445
      bfd_set_error (bfd_error_invalid_operation);
446
      return;
447
    }
448
441
  contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
449
  contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
442
  if (!contents)
450
  if (!contents)
443
    return;
451
    return;
(-)a/bfd/elf.c (+1 lines)
Lines 298-303 bfd_elf_get_str_section (bfd *abfd, unsigned int shindex) Link Here
298
      /* Allocate and clear an extra byte at the end, to prevent crashes
298
      /* Allocate and clear an extra byte at the end, to prevent crashes
299
	 in case the string table is not terminated.  */
299
	 in case the string table is not terminated.  */
300
      if (shstrtabsize + 1 <= 1
300
      if (shstrtabsize + 1 <= 1
301
	  || shstrtabsize > bfd_get_file_size (abfd)
301
	  || bfd_seek (abfd, offset, SEEK_SET) != 0
302
	  || bfd_seek (abfd, offset, SEEK_SET) != 0
302
	  || (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL)
303
	  || (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL)
303
	shstrtab = NULL;
304
	shstrtab = NULL;

Return to bug 22809