43 lines
1.4 KiB
Diff
43 lines
1.4 KiB
Diff
From 11fa9f134fd658075c6f74499c780df045d9e9ca Mon Sep 17 00:00:00 2001
|
|
From: Nick Clifton <nickc@redhat.com>
|
|
Date: Fri, 4 Jan 2019 13:44:34 +0000
|
|
Subject: [PATCH] Fix a possible integer overflow problem when examining
|
|
corrupt binaries using a 32-bit binutil.
|
|
|
|
PR 24005
|
|
* objdump.c (load_specific_debug_section): Check for integer
|
|
overflow before attempting to allocate contents.
|
|
---
|
|
binutils/objdump.c | 13 ++++++++++---
|
|
1 files changed, 10 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/binutils/objdump.c b/binutils/objdump.c
|
|
index 220d93a..f1e6d2e 100644
|
|
--- a/binutils/objdump.c
|
|
+++ b/binutils/objdump.c
|
|
@@ -2539,12 +2539,19 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
|
|
section->reloc_info = NULL;
|
|
section->num_relocs = 0;
|
|
section->address = bfd_get_section_vma (abfd, sec);
|
|
+ section->user_data = sec;
|
|
section->size = bfd_get_section_size (sec);
|
|
amt = section->size + 1;
|
|
+ if (amt == 0 || amt > bfd_get_file_size (abfd))
|
|
+ {
|
|
+ section->start = NULL;
|
|
+ free_debug_section (debug);
|
|
+ printf (_("\nSection '%s' has an invalid size: %#llx.\n"),
|
|
+ section->name, (unsigned long long) section->size);
|
|
+ return FALSE;
|
|
+ }
|
|
section->start = contents = malloc (amt);
|
|
- section->user_data = sec;
|
|
- if (amt == 0
|
|
- || section->start == NULL
|
|
+ if (section->start == NULL
|
|
|| !bfd_get_full_section_contents (abfd, sec, &contents))
|
|
{
|
|
free_debug_section (debug);
|
|
--
|
|
2.9.3
|