[patch] sanity check bfd_is_section_compressed header
DJ Delorie
dj@redhat.com
Wed Jun 5 19:18:00 GMT 2013
Had a customer library where the first string in [non-compressed]
.debug_str was "ZLIB_COMPRESS_ERROR". The linker tried to allocate a
few hundred terabytes to decompress it, because it *only* checks for
"ZLIB" as the signature. On ASCII systems, this sanity check assumes
an uncompressed size greater than half a terabyte is unreasonable. Is
this a reasonable sanity check? (if you answer "no" you get to come
up with a better check ;)
* compress.c (bfd_is_section_compressed): Sanity check the ZLIB
header in case the first string happens to start with ZLIB.
Index: compress.c
===================================================================
RCS file: /cvs/src/src/bfd/compress.c,v
retrieving revision 1.20
diff -p -U 5 -r1.20 compress.c
--- compress.c 17 Apr 2013 14:16:01 -0000 1.20
+++ compress.c 5 Jun 2013 19:08:21 -0000
@@ -20,10 +20,11 @@
MA 02110-1301, USA. */
#include "sysdep.h"
#include "bfd.h"
#include "libbfd.h"
+#include "safe-ctype.h"
#ifdef HAVE_ZLIB_H
#include <zlib.h>
#endif
#ifdef HAVE_ZLIB_H
@@ -302,10 +303,17 @@ bfd_is_section_compressed (bfd *abfd, se
/* Read the zlib header. In this case, it should be "ZLIB" followed
by the uncompressed section size, 8 bytes in big-endian order. */
compressed = (bfd_get_section_contents (abfd, sec, compressed_buffer, 0, 12)
&& CONST_STRNEQ ((char*) compressed_buffer, "ZLIB"));
+ /* Sanity check, in case the first string in the section *happens*
+ to start with "ZLIB". Uncompressed data will appear unreasonably
+ large if either of the next two bytes happen to be valid symbol name
+ characters. */
+ if (ISPRINT (compressed_buffer[4]) || ISPRINT (compressed_buffer[5]))
+ compressed = 0;
+
/* Restore compress_status. */
sec->compress_status = saved;
return compressed;
}
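Review bot: The ISPRINT test on compressed_buffer[4] and compressed_buffer[5] runs even when bfd_get_section_contents failed or the "ZLIB" prefix did not match, so it can inspect bytes that were never filled in. The result is harmless because compressed is already 0 in that case, but guarding it as "if (compressed && (ISPRINT (...) || ISPRINT (...)))" makes the intent explicit and avoids the read. The new comment says "valid symbol name characters" while ISPRINT accepts any printable byte, including space and punctuation, so "printable characters" would match the code. Since the existing comment above describes the size as 8 bytes in big-endian order, bytes 4 and 5 are its two most significant bytes, and it would help to state the size limit this implies in the comment.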