| From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001 |
| From: Nick Clifton <nickc@redhat.com> |
| Date: Wed, 21 Dec 2022 11:51:23 +0000 |
| Subject: [PATCH] Fix an attempt to allocate an unreasonably large amount of |
| memory when parsing a corrupt ELF file. |
| |
| PR 29924 |
| * objdump.c (load_specific_debug_section): Check for excessively |
| large sections. |
| --- |
| binutils/ChangeLog | 6 ++++++ |
| binutils/objdump.c | 4 +++- |
| 2 files changed, 9 insertions(+), 1 deletion(-) |
| |
| diff --git a/binutils/objdump.c b/binutils/objdump.c |
| index d51abbe3858..2eb02de0e76 100644 |
| --- a/binutils/objdump.c |
| +++ b/binutils/objdump.c |
| @@ -4225,7 +4225,9 @@ load_specific_debug_section (enum dwarf_section_display_enum debug, |
| section->size = bfd_section_size (sec); |
| /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */ |
| alloced = amt = section->size + 1; |
| - if (alloced != amt || alloced == 0) |
| + if (alloced != amt |
| + || alloced == 0 |
| + || (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd))) |
| { |
| section->start = NULL; |
| free_debug_section (debug); |
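Review bot: The added third clause of the `if` bounds `alloced` by `bfd_get_size (abfd)`, but `section->size` comes from `bfd_section_size (sec)`, and the hunk does not show whether that is the on-disk or the decompressed size; if it can be the decompressed size, a valid compressed debug section larger than the file would now be rejected as corrupt, so this is worth confirming. The clause also has no comment, unlike the PR 24360 line above it; I would add `/* PR 29924: Reject a section that claims to be at least as large as the file; a reported file size of 0 disables the check. */` so the reason for the `!= 0` guard is on record. `bfd_get_size (abfd)` is called twice in the condition and could be read once into a local. The body of load_specific_debug_section starts and ends outside the hunk.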
| -- |
| 2.39.3 |
| |