FreeChainXenon/binutils-gdb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Prevent illegal memory accesses when attempting to read excessively large COFF line number tables.

Browse source 
PR 22376
	* coffcode.h (coff_slurp_line_table): Check for an excessively
	large line number count.
This commit is contained in:
Nick Clifton 2017-11-01 15:21:46 +00:00
parent e0115a8446
commit a67d66eb97
2 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
bfd/ChangeLog
View file

@ -1,3 +1,9 @@
2017-11-01 Nick Clifton <nickc@redhat.com>
PR 22376
* coffcode.h (coff_slurp_line_table): Check for an excessively
large line number count.
2017-11-01 Nick Clifton <nickc@redhat.com> 2017-11-01 Nick Clifton <nickc@redhat.com>
PR 22373 PR 22373

8
bfd/coffcode.h
View file

@ -4578,6 +4578,14 @@ coff_slurp_line_table (bfd *abfd, asection *asect)
BFD_ASSERT (asect->lineno == NULL); BFD_ASSERT (asect->lineno == NULL);
if (asect->lineno_count > asect->size)
{
_bfd_error_handler
(_("%B: warning: line number count (%#lx) exceeds section size (%#lx)"),
abfd, (unsigned long) asect->lineno_count, (unsigned long) asect->size);
return FALSE;
}
amt = ((bfd_size_type) asect->lineno_count + 1) * sizeof (alent); amt = ((bfd_size_type) asect->lineno_count + 1) * sizeof (alent);
lineno_cache = (alent *) bfd_alloc (abfd, amt); lineno_cache = (alent *) bfd_alloc (abfd, amt);
if (lineno_cache == NULL) if (lineno_cache == NULL)