[binutils-gdb] bfd: Always check sections with the corrupt size
H.J. Lu
hjl@sourceware.org
Thu Nov 4 13:58:02 GMT 2021
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e0f7ea91436dd308a094c4c101fd4169e8245a91
commit e0f7ea91436dd308a094c4c101fd4169e8245a91
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Thu Nov 4 06:27:16 2021 -0700
bfd: Always check sections with the corrupt size
Always check sections with the corrupt size for non-MMO files. Skip MMO
files for compress_status == COMPRESS_SECTION_NONE since MMO has special
handling for COMPRESS_SECTION_NONE.
PR binutils/28530
* compress.c (bfd_get_full_section_contents): Always check
sections with the corrupt size.
Diff:
---
bfd/compress.c | 50 +++++++++++++++++++++++++++-----------------------
1 file changed, 27 insertions(+), 23 deletions(-)
diff --git a/bfd/compress.c b/bfd/compress.c
index 4a2ada3e3eb..a3adb8d8250 100644
--- a/bfd/compress.c
+++ b/bfd/compress.c
@@ -232,6 +232,7 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
bfd_size_type save_rawsize;
bfd_byte *compressed_buffer;
unsigned int compression_header_size;
+ ufile_ptr filesize;
if (abfd->direction != write_direction && sec->rawsize != 0)
sz = sec->rawsize;
@@ -243,34 +244,37 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
return true;
}
+ filesize = bfd_get_file_size (abfd);
+ if (filesize > 0
+ && filesize < sz
+ /* PR 24753: Linker created sections can be larger than
+ the file size, eg if they are being used to hold stubs. */
+ && (bfd_section_flags (sec) & SEC_LINKER_CREATED) == 0
+ /* PR 24753: Sections which have no content should also be
+ excluded as they contain no size on disk. */
+ && (bfd_section_flags (sec) & SEC_HAS_CONTENTS) != 0
+ /* PR 28530: Check compressed sections with the corrupt size. */
+ && (sec->compress_status != COMPRESS_SECTION_NONE
+ /* The MMO file format supports its own special compression
+ technique, but it uses COMPRESS_SECTION_NONE when loading
+ a section's contents. */
+ || bfd_get_flavour (abfd) != bfd_target_mmo_flavour))
+ {
+ /* PR 24708: Avoid attempts to allocate a ridiculous amount
+ of memory. */
+ bfd_set_error (bfd_error_file_truncated);
+ _bfd_error_handler
+ /* xgettext:c-format */
+ (_("error: %pB(%pA) section size (%#" PRIx64 " bytes) is larger than file size (%#" PRIx64 " bytes)"),
+ abfd, sec, (uint64_t) sz, (uint64_t) filesize);
+ return false;
+ }
+
switch (sec->compress_status)
{
case COMPRESS_SECTION_NONE:
if (p == NULL)
{
- ufile_ptr filesize = bfd_get_file_size (abfd);
- if (filesize > 0
- && filesize < sz
- /* PR 24753: Linker created sections can be larger than
- the file size, eg if they are being used to hold stubs. */
- && (bfd_section_flags (sec) & SEC_LINKER_CREATED) == 0
- /* PR 24753: Sections which have no content should also be
- excluded as they contain no size on disk. */
- && (bfd_section_flags (sec) & SEC_HAS_CONTENTS) != 0
- /* The MMO file format supports its own special compression
- technique, but it uses COMPRESS_SECTION_NONE when loading
- a section's contents. */
- && bfd_get_flavour (abfd) != bfd_target_mmo_flavour)
- {
- /* PR 24708: Avoid attempts to allocate a ridiculous amount
- of memory. */
- bfd_set_error (bfd_error_file_truncated);
- _bfd_error_handler
- /* xgettext:c-format */
- (_("error: %pB(%pA) section size (%#" PRIx64 " bytes) is larger than file size (%#" PRIx64 " bytes)"),
- abfd, sec, (uint64_t) sz, (uint64_t) filesize);
- return false;
- }
p = (bfd_byte *) bfd_malloc (sz);
if (p == NULL)
{
More information about the Binutils-cvs
mailing list