Fix a possible integer overflow problem when examining corrupt binaries using a 32-bit binutil.
PR 24005 * objdump.c (load_specific_debug_section): Check for integer overflow before attempting to allocate contents.
This commit is contained in:
parent
cf0ad5bbf2
commit
11fa9f134f
|
@ -1,3 +1,9 @@
|
|||
2019-01-04 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR 24005
|
||||
* objdump.c (load_specific_debug_section): Check for integer
|
||||
overflow before attempting to allocate contents.
|
||||
|
||||
2019-01-04 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR 24001
|
||||
|
@ -6,6 +12,7 @@
|
|||
* objdump.c (dump_bfd): Free dhandle after printing out the debug
|
||||
information.
|
||||
|
||||
|
||||
2019-01-01 Alan Modra <amodra@gmail.com>
|
||||
|
||||
Update year range in copyright notice of all files.
|
||||
|
|
|
@ -2539,12 +2539,19 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
|
|||
section->reloc_info = NULL;
|
||||
section->num_relocs = 0;
|
||||
section->address = bfd_get_section_vma (abfd, sec);
|
||||
section->user_data = sec;
|
||||
section->size = bfd_get_section_size (sec);
|
||||
amt = section->size + 1;
|
||||
if (amt == 0 || amt > bfd_get_file_size (abfd))
|
||||
{
|
||||
section->start = NULL;
|
||||
free_debug_section (debug);
|
||||
printf (_("\nSection '%s' has an invalid size: %#llx.\n"),
|
||||
section->name, (unsigned long long) section->size);
|
||||
return FALSE;
|
||||
}
|
||||
section->start = contents = malloc (amt);
|
||||
section->user_data = sec;
|
||||
if (amt == 0
|
||||
|| section->start == NULL
|
||||
if (section->start == NULL
|
||||
|| !bfd_get_full_section_contents (abfd, sec, &contents))
|
||||
{
|
||||
free_debug_section (debug);
|
||||
|
|
Loading…
Reference in New Issue