Prevent attempts to allocate excessive amounts of memory when parsing corrupt ELF files.
PR 24708 * elf.c (_bfd_elf_slurp_version_tables): Check for an excessively large version reference section. * compress.c (bfd_get_full_section_contents): Check for an uncompressed section whose size is larger than the file size.
This commit is contained in:
parent
781152ec18
commit
7e56c51c79
|
@ -1,3 +1,11 @@
|
|||
2019-06-28 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR 24708
|
||||
* elf.c (_bfd_elf_slurp_version_tables): Check for an excessively
|
||||
large version reference section.
|
||||
* compress.c (bfd_get_full_section_contents): Check for an
|
||||
uncompressed section whose size is larger than the file size.
|
||||
|
||||
2019-06-28 Alan Modra <amodra@gmail.com>
|
||||
|
||||
* format.c (bfd_check_format_matches): Don't match plugin target
|
||||
|
|
|
@ -250,6 +250,23 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
|
|||
case COMPRESS_SECTION_NONE:
|
||||
if (p == NULL)
|
||||
{
|
||||
ufile_ptr filesize = bfd_get_file_size (abfd);
|
||||
if (filesize > 0
|
||||
&& filesize < sz
|
||||
/* The MMO file format supports its own special compression
|
||||
technique, but it uses COMPRESS_SECTION_NONE when loading
|
||||
a section's contents. */
|
||||
&& bfd_get_flavour (abfd) != bfd_target_mmo_flavour)
|
||||
{
|
||||
/* PR 24708: Avoid attempts to allocate a ridiculous amount
|
||||
of memory. */
|
||||
bfd_set_error (bfd_error_no_memory);
|
||||
_bfd_error_handler
|
||||
/* xgettext:c-format */
|
||||
(_("error: %pB(%pA) section size (%#" PRIx64 " bytes) is larger than file size (%#" PRIx64 " bytes)"),
|
||||
abfd, sec, (uint64_t) sz, (uint64_t) filesize);
|
||||
return FALSE;
|
||||
}
|
||||
p = (bfd_byte *) bfd_malloc (sz);
|
||||
if (p == NULL)
|
||||
{
|
||||
|
|
12
bfd/elf.c
12
bfd/elf.c
|
@ -8443,6 +8443,18 @@ error_return_verref:
|
|||
goto error_return;
|
||||
}
|
||||
|
||||
ufile_ptr filesize = bfd_get_file_size (abfd);
|
||||
if (filesize > 0 && filesize < hdr->sh_size)
|
||||
{
|
||||
/* PR 24708: Avoid attempts to allocate a ridiculous amount
|
||||
of memory. */
|
||||
bfd_set_error (bfd_error_no_memory);
|
||||
_bfd_error_handler
|
||||
/* xgettext:c-format */
|
||||
(_("error: %pB version reference section is too large (%#" PRIx64 " bytes)"),
|
||||
abfd, (uint64_t) hdr->sh_size);
|
||||
goto error_return_verref;
|
||||
}
|
||||
contents = (bfd_byte *) bfd_malloc (hdr->sh_size);
|
||||
if (contents == NULL)
|
||||
goto error_return_verref;
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
|
||||
PR 24707
|
||||
* objdump.c (slurp_symtab): Fail with a helpful error message if
|
||||
the symbol table is too large.
|
||||
the symbol table is too large. Skip this check for MMO format
|
||||
files.
|
||||
|
||||
2019-06-26 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
|
|
|
@ -708,7 +708,11 @@ slurp_symtab (bfd *abfd)
|
|||
off_t filesize = bfd_get_file_size (abfd);
|
||||
|
||||
/* qv PR 24707. */
|
||||
if (filesize > 0 && filesize < storage)
|
||||
if (filesize > 0
|
||||
&& filesize < storage
|
||||
/* The MMO file format supports its own special compression
|
||||
technique, so its sections can be larger than the file size. */
|
||||
&& bfd_get_flavour (abfd) != bfd_target_mmo_flavour)
|
||||
{
|
||||
bfd_nonfatal_message (bfd_get_filename (abfd), abfd, NULL,
|
||||
_("error: symbol table size (%#lx) is larger than filesize (%#lx)"),
|
||||
|
|
Loading…
Reference in New Issue