Stop objdump from attempting to allocate a huge chunk of memory when parsing relocs in a corrupt file.
PR 22508
* objdump.c (dump_relocs_in_section): Also check the section's relocation count to make sure that it is reasonable before attempting to allocate space for the relocs.
parent 08f650e6b6
commit d785b7d4b8
2 changed files with 17 additions and 1 deletions
|
@ -3427,7 +3427,16 @@ dump_relocs_in_section (bfd *abfd,
|
|||
}
|
||||
|
||||
if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
|
||||
&& (ufile_ptr) relsize > bfd_get_file_size (abfd))
|
||||
&& (((ufile_ptr) relsize > bfd_get_file_size (abfd))
|
||||
/* Also check the section's reloc count since if this is negative
|
||||
(or very large) the computation in bfd_get_reloc_upper_bound
|
||||
may have resulted in returning a small, positive integer.
|
||||
See PR 22508 for a reproducer.
|
||||
|
||||
Note - we check against file size rather than section size as
|
||||
it is possible for there to be more relocs that apply to a
|
||||
section than there are bytes in that section. */
|
||||
|| (section->reloc_count > bfd_get_file_size (abfd))))
|
||||
{
|
||||
printf (" (too many: 0x%x)\n", section->reloc_count);
|
||||
bfd_set_error (bfd_error_file_truncated);
|
||||
|
|
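Review bot: The added test `section->reloc_count > bfd_get_file_size (abfd)` carries no cast, while the `relsize` test directly above it is written as `(ufile_ptr) relsize`, and the new comment speaks of the count being "negative (or very large)". Making the conversion explicit, for example `(ufile_ptr) section->reloc_count`, would show that the comparison is meant to be unsigned and would keep the two halves of the condition consistent. Two smaller points on the same hunk: the diagnostic `" (too many: 0x%x)\n"` prints `reloc_count` even when the branch was taken because `relsize` exceeded the file size, so the message could say which limit was exceeded; and comparing a count of relocs against a size in bytes is a loose upper bound, which the comment could state, since a count just under the file size still passes and is then used to size the allocation.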