Stop objdump from attempting to allocate a huge chunk of memory when parsing relocs in a corrupt file.
PR 22508 * objdump.c (dump_relocs_in_section): Also check the section's relocation count to make sure that it is reasonable before attempting to allocate space for the relocs.
parent
08f650e6b6
commit
d785b7d4b8
@ -1,3 +1,10 @@
|
||||
2017-11-29 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
PR 22508
|
||||
* objdump.c (dump_relocs_in_section): Also check the section's
|
||||
relocation count to make sure that it is reasonable before
|
||||
attempting to allocate space for the relocs.
|
||||
|
||||
2017-11-29 Stefan Stroe <stroestefan@gmail.com>
|
||||
|
||||
* po/Make-in (datadir): Define as @datadir@.
|
||||
|
||||
@ -3427,7 +3427,16 @@ dump_relocs_in_section (bfd *abfd,
|
||||
}
|
||||
|
||||
if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
|
||||
&& (ufile_ptr) relsize > bfd_get_file_size (abfd))
|
||||
&& (((ufile_ptr) relsize > bfd_get_file_size (abfd))
|
||||
/* Also check the section's reloc count since if this is negative
|
||||
(or very large) the computation in bfd_get_reloc_upper_bound
|
||||
may have resulted in returning a small, positive integer.
|
||||
See PR 22508 for a reproducer.
|
||||
|
||||
Note - we check against file size rather than section size as
|
||||
it is possible for there to be more relocs that apply to a
|
||||
section than there are bytes in that section. */
|
||||
|| (section->reloc_count > bfd_get_file_size (abfd))))
|
||||
{
|
||||
printf (" (too many: 0x%x)\n", section->reloc_count);
|
||||
bfd_set_error (bfd_error_file_truncated);
|
||||
|
||||
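Review bot: Both size comparisons in the new condition assume `bfd_get_file_size (abfd)` returns a real size, and the call is now made twice in the same expression. If that function can return 0 when the size cannot be determined (worth confirming against its definition), every section with at least one reloc would be reported as "too many" and skipped. Reading the value once, `ufile_ptr filesize = bfd_get_file_size (abfd);`, and testing `filesize != 0 &&` ahead of the two comparisons would avoid that. The allocation would then be unguarded when the size is unknown, so that case may need a fixed upper cap on `section->reloc_count` instead. The body of dump_relocs_in_section starts and ends outside this hunk.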