Revert bfd_get_size checks

Alan Modra amodra@gmail.com
Thu Nov 6 13:51:00 GMT 2014


I think we should revert all of these bfd_get_size checks, given the
number of errors they have introduced, and that it's better to allow a
malloc, seek or read failure on a corrupt file than penalize good
files with a stat.  Nick?

diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index cb0887a..bef59b4 100644
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -1756,8 +1756,6 @@ NAME (aout, slurp_symbol_table) (bfd *abfd)
     return TRUE;		/* Nothing to do.  */
 
   cached_size *= sizeof (aout_symbol_type);
-  if (cached_size >= (bfd_size_type) bfd_get_size (abfd))
-    return FALSE;
   cached = (aout_symbol_type *) bfd_zmalloc (cached_size);
   if (cached == NULL)
     return FALSE;
@@ -2309,11 +2307,6 @@ NAME (aout, slurp_reloc_table) (bfd *abfd, sec_ptr asect, asymbol **symbols)
   if (reloc_size == 0)
     return TRUE;		/* Nothing to be done.  */
 
-  /* PR binutils/17512: Do not even try to
-     load the relocs if their size is corrupt.  */
-  if (reloc_size + asect->rel_filepos >= (bfd_size_type) bfd_get_size (abfd))
-    return FALSE;
-
   if (bfd_seek (abfd, asect->rel_filepos, SEEK_SET) != 0)
     return FALSE;
 
diff --git a/bfd/archive.c b/bfd/archive.c
index b905213..9e94745 100644
--- a/bfd/archive.c
+++ b/bfd/archive.c
@@ -1293,9 +1293,6 @@ _bfd_slurp_extended_name_table (bfd *abfd)
       amt = namedata->parsed_size;
       if (amt + 1 == 0)
 	goto byebye;
-      /* PR binutils/17533: A corrupt archive can contain an invalid size.  */
-      if (amt > (bfd_size_type) bfd_get_size (abfd))
-	goto byebye;
 
       bfd_ardata (abfd)->extended_names_size = amt;
       bfd_ardata (abfd)->extended_names = (char *) bfd_zalloc (abfd, amt + 1);
diff --git a/bfd/coffcode.h b/bfd/coffcode.h
index 1ca28b8..3abb6a3 100644
--- a/bfd/coffcode.h
+++ b/bfd/coffcode.h
@@ -1919,15 +1919,6 @@ coff_set_alignment_hook (bfd * abfd ATTRIBUTE_UNUSED,
       if (bfd_seek (abfd, oldpos, 0) != 0)
 	return;
       section->reloc_count = hdr->s_nreloc = n.r_vaddr - 1;
-      /* PR binutils/17512: Stop corrupt files from causing
-	 memory problems if they claim to have too many relocs.  */
-      if (section->reloc_count * relsz > (bfd_size_type) bfd_get_size (abfd))
-	{
-	  (*_bfd_error_handler)
-	    ("%s: warning: claims to have %#x relocs, but the file is not that big",
-	     bfd_get_filename (abfd), section->reloc_count);
-	  section->reloc_count = 0;
-	}
       section->rel_filepos += relsz;
     }
   else if (hdr->s_nreloc == 0xffff)
@@ -4528,8 +4519,6 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
   BFD_ASSERT (asect->lineno == NULL);
 
   amt = ((bfd_size_type) asect->lineno_count + 1) * sizeof (alent);
-  if (amt > (bfd_size_type) bfd_get_size (abfd))
-    return FALSE;
   lineno_cache = (alent *) bfd_zalloc (abfd, amt);
   if (lineno_cache == NULL)
     return FALSE;
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index d0bf2c1a..9ad0783 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1619,11 +1619,6 @@ _bfd_coff_get_external_symbols (bfd *abfd)
   if (size == 0)
     return TRUE;
 
-  /* PR binutils/17512: Do not even try to load
-     a symbol table bigger than the entire file...  */
-  if (size >= (bfd_size_type) bfd_get_size (abfd))
-    return FALSE;
-
   syms = bfd_malloc (size);
   if (syms == NULL)
     return FALSE;
@@ -1756,15 +1751,7 @@ coff_get_normalized_symtab (bfd *abfd)
   if (obj_raw_syments (abfd) != NULL)
     return obj_raw_syments (abfd);
 
-  size = obj_raw_syment_count (abfd);
-  if (size == 0)
-    return NULL;
-  /* PR binutils/17512: Do not even try to load
-     a symbol table bigger than the entire file...  */
-  if (size >= (bfd_size_type) bfd_get_size (abfd))
-    return NULL;
-
-  size *= sizeof (combined_entry_type);
+  size = obj_raw_syment_count (abfd) * sizeof (combined_entry_type);
   internal = (combined_entry_type *) bfd_zalloc (abfd, size);
   if (internal == NULL && size != 0)
     return NULL;
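Review bot: The new `size = obj_raw_syment_count (abfd) * sizeof (combined_entry_type);` multiplies a count, presumably taken from the file header, with no overflow guard, and this hunk removes the only bound that stood in front of it. If the product wraps, `bfd_zalloc` can succeed with a buffer smaller than the count implies, which is worse than the clean malloc failure the description accepts; whether later code indexes by the raw count lies outside the hunk and should be confirmed. A check that needs no stat would cover it, assuming `size` is a `bfd_size_type`: `if (obj_raw_syment_count (abfd) > (bfd_size_type) -1 / sizeof (combined_entry_type)) return NULL;`. The same unguarded multiply is visible as context in aoutx.h at `cached_size *= sizeof (aout_symbol_type);`, where the removed size check was likewise the only bound. The body of coff_get_normalized_symtab continues outside the hunk.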
diff --git a/bfd/compress.c b/bfd/compress.c
index 6831562..20eef95 100644
--- a/bfd/compress.c
+++ b/bfd/compress.c
@@ -177,14 +177,6 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
   switch (sec->compress_status)
     {
     case COMPRESS_SECTION_NONE:
-      /* PR binutils/17512: Avoid malloc or file reading errors due to
-	 ridiculous section sizes.  But ignore linker created objects
-	 and bfds with no contents (yet).  */
-      if (bfd_get_size (abfd) > 0
-	  && (sec->flags & SEC_LINKER_CREATED) == 0
-	  && sz > (bfd_size_type) bfd_get_size (abfd))
-	return FALSE;
-
       if (p == NULL)
 	{
 	  p = (bfd_byte *) bfd_malloc (sz);
diff --git a/bfd/elf.c b/bfd/elf.c
index 7cc0ce1..9c4dcdf 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -294,11 +294,6 @@ bfd_elf_get_str_section (bfd *abfd, unsigned int shindex)
       offset = i_shdrp[shindex]->sh_offset;
       shstrtabsize = i_shdrp[shindex]->sh_size;
 
-      /* PR binutils/17512: Do not even try to load
-	 a string table bigger than the entire file...  */
-      if (shstrtabsize >= (bfd_size_type) bfd_get_size (abfd))
-	return NULL;
-
       /* Allocate and clear an extra byte at the end, to prevent crashes
 	 in case the string table is not terminated.  */
       if (shstrtabsize + 1 <= 1
diff --git a/bfd/tekhex.c b/bfd/tekhex.c
index 85f5593..2220d50 100644
--- a/bfd/tekhex.c
+++ b/bfd/tekhex.c
@@ -403,9 +403,6 @@ first_phase (bfd *abfd, int type, char *src)
 	      if (!getvalue (&src, &val))
 		return FALSE;
 	      section->size = val - section->vma;
-	      /* PR binutils/17512: Make sure that the size is sane.  */
-	      if (section->size > (bfd_size_type) bfd_get_size (abfd))
-		return FALSE;
 	      section->flags = SEC_HAS_CONTENTS | SEC_LOAD | SEC_ALLOC;
 	      break;
 	    case '0':


-- 
Alan Modra
Australia Development Lab, IBM


