17 lines
748 B
Diff
17 lines
748 B
Diff
--- a/bfd/elfcode.h 2018-06-25 02:38:57.000000000 +0800
|
|
+++ b/bfd/elfcode.h 2019-04-04 12:04:52.258000000 +0800
|
|
@@ -776,7 +776,12 @@ elf_object_p (bfd *abfd)
|
|
if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr))
|
|
goto got_wrong_format_error;
|
|
#endif
|
|
- amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr);
|
|
+ /* Check for a corrupt input file with an impossibly large number
|
|
+ of program headers. */
|
|
+ if (bfd_get_file_size (abfd) > 0
|
|
+ && i_ehdrp->e_phnum > bfd_get_file_size (abfd))
|
|
+ goto got_no_match;
|
|
+ amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr);
|
|
elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt);
|
|
if (elf_tdata (abfd)->phdr == NULL)
|
|
goto got_no_match;
|