GNU Binutils with patches for OS216
| 修訂 | b0029dce6867de1a2828293177b0e030d2f0f03c (tree) |
|---|---|
| 時間 | 2017-11-29 03:00:29 |
| 作者 | Nick Clifton <nickc@redh...> |
| Commiter | Nick Clifton |
Prevent a memory exhaustion problem when trying to read in strings from a COFF binary with a corrupt string table size.
PR 22507
* coffgen.c (_bfd_coff_read_string_table): Check for an excessive
size of the external string table.
bfd/ChangeLog (diff)
bfd/coffgen.c (diff)| @@ -1,5 +1,11 @@ | ||
| 1 | 1 | 2017-11-28 Nick Clifton <nickc@redhat.com> |
| 2 | 2 | |
| 3 | + PR 22507 | |
| 4 | + * coffgen.c (_bfd_coff_read_string_table): Check for an excessive | |
| 5 | + size of the external string table. | |
| 6 | + | |
| 7 | +2017-11-28 Nick Clifton <nickc@redhat.com> | |
| 8 | + | |
| 3 | 9 | PR 22506 |
| 4 | 10 | * reloc.c (reloc_offset_in_range): Rename to |
| 5 | 11 | bfd_reloc_offset_in_range and export. |
| @@ -1718,7 +1718,7 @@ _bfd_coff_read_string_table (bfd *abfd) | ||
| 1718 | 1718 | #endif |
| 1719 | 1719 | } |
| 1720 | 1720 | |
| 1721 | - if (strsize < STRING_SIZE_SIZE) | |
| 1721 | + if (strsize < STRING_SIZE_SIZE || strsize > bfd_get_file_size (abfd)) | |
| 1722 | 1722 | { |
| 1723 | 1723 | _bfd_error_handler |
| 1724 | 1724 | /* xgettext: c-format */ |
| @@ -1726,7 +1726,7 @@ _bfd_coff_read_string_table (bfd *abfd) | ||
| 1726 | 1726 | bfd_set_error (bfd_error_bad_value); |
| 1727 | 1727 | return NULL; |
| 1728 | 1728 | } |
| 1729 | - | |
| 1729 | + | |
| 1730 | 1730 | strings = (char *) bfd_malloc (strsize + 1); |
| 1731 | 1731 | if (strings == NULL) |
| 1732 | 1732 | return NULL; |
alaskanemily
Fork