asan: wasm: Out-of-memory

* wasm-module.c (wasm_scan): Sanity check file name length
	before allocating memory.  Move common section setup code.  Do
	without bfd_tell to calculate section size.
Alan Modra 2020-03-09 09:33:49 +10:30
parent e63ee24f98
commit 2f57795b8b
2 changed files with 21 additions and 12 deletions


@ -1,3 +1,9 @@
2020-03-09 Alan Modra <amodra@gmail.com>
* wasm-module.c (wasm_scan): Sanity check file name length
before allocating memory. Move common section setup code. Do
without bfd_tell to calculate section size.
2020-03-06 Nick Clifton <nickc@redhat.com> 2020-03-06 Nick Clifton <nickc@redhat.com>
* elf.c (_bfd_elf_set_section_contents): Replace call to abort * elf.c (_bfd_elf_set_section_contents): Replace call to abort


@ -406,30 +406,33 @@ wasm_scan (bfd *abfd)
if (bfdsec == NULL) if (bfdsec == NULL)
goto error_return; goto error_return;
bfdsec->vma = vma;
bfdsec->lma = vma;
bfdsec->size = wasm_read_leb128 (abfd, &error, &bytes_read, FALSE); bfdsec->size = wasm_read_leb128 (abfd, &error, &bytes_read, FALSE);
if (error) if (error)
goto error_return; goto error_return;
bfdsec->filepos = bfd_tell (abfd);
bfdsec->alignment_power = 0;
} }
else else
{ {
bfd_vma payload_len; bfd_vma payload_len;
file_ptr section_start;
bfd_vma namelen; bfd_vma namelen;
char *name; char *name;
char *prefix = WASM_SECTION_PREFIX; char *prefix = WASM_SECTION_PREFIX;
size_t prefixlen = strlen (prefix); size_t prefixlen = strlen (prefix);
ufile_ptr filesize;
payload_len = wasm_read_leb128 (abfd, &error, &bytes_read, FALSE); payload_len = wasm_read_leb128 (abfd, &error, &bytes_read, FALSE);
if (error) if (error)
goto error_return; goto error_return;
section_start = bfd_tell (abfd);
namelen = wasm_read_leb128 (abfd, &error, &bytes_read, FALSE); namelen = wasm_read_leb128 (abfd, &error, &bytes_read, FALSE);
if (error || namelen > payload_len) if (error || bytes_read > payload_len
|| namelen > payload_len - bytes_read)
goto error_return; goto error_return;
payload_len -= namelen + bytes_read;
filesize = bfd_get_file_size (abfd);
if (filesize != 0 && namelen > filesize)
{
bfd_set_error (bfd_error_file_truncated);
return FALSE;
}
name = bfd_alloc (abfd, namelen + prefixlen + 1); name = bfd_alloc (abfd, namelen + prefixlen + 1);
if (!name) if (!name)
goto error_return; goto error_return;
@ -443,13 +446,13 @@ wasm_scan (bfd *abfd)
if (bfdsec == NULL) if (bfdsec == NULL)
goto error_return; goto error_return;
bfdsec->vma = vma; bfdsec->size = payload_len;
bfdsec->lma = vma;
bfdsec->filepos = bfd_tell (abfd);
bfdsec->size = section_start + payload_len - bfdsec->filepos;
bfdsec->alignment_power = 0;
} }
bfdsec->vma = vma;
bfdsec->lma = vma;
bfdsec->alignment_power = 0;
bfdsec->filepos = bfd_tell (abfd);
if (bfdsec->size != 0) if (bfdsec->size != 0)
{ {
bfdsec->contents = _bfd_alloc_and_read (abfd, bfdsec->size, bfdsec->contents = _bfd_alloc_and_read (abfd, bfdsec->size,
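Review bot: The new name-length check in the custom-section branch of the first wasm-module.c hunk only applies when `bfd_get_file_size (abfd)` is non-zero, so when that call returns 0 the file-supplied `namelen` reaches `bfd_alloc (abfd, namelen + prefixlen + 1)` bounded only by `payload_len`, which is read from the same file. The sum can also wrap for a `namelen` near the top of `bfd_vma`, unless `bfd_alloc` rejects that itself, which is not visible here. I would add an explicit guard before the allocation, `if (namelen > (bfd_vma) -1 - prefixlen - 1) goto error_return;`, and a comment stating that the file-size comparison is a coarse upper bound (whole file, not the bytes remaining after the current position). The new failure path also uses `return FALSE;` where every other check in the hunk uses `goto error_return;`; using the label keeps the exits uniform if cleanup is ever added there. `wasm_scan` begins and ends outside both hunks, so the `error_return` body was not reviewed.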