projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b7563b2)
PR26337, Malloc size error in objdump
authorAlan Modra <amodra@gmail.com>
Wed, 5 Aug 2020 00:33:00 +0000 (10:03 +0930)
committerAlan Modra <amodra@gmail.com>
Wed, 5 Aug 2020 01:04:05 +0000 (10:34 +0930)
A malloc failure triggered by a fuzzed object file isn't a real
problem unless objdump doesn't exit cleanly after the failure, which
it does.  However we have bfd_malloc_and_get_section to sanity check
size of uncompressed sections before allocating memory.  Use it.

PR 26337
* objdump.c (load_specific_debug_section): Don't malloc space for
section contents, use bfd_malloc_and_get_section.

binutils/ChangeLog patch | blob | history
binutils/objdump.c patch | blob | history

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index acd04df6860649e252260e463a94be1b357a9df0..a924ae2618dfd9c5f00d71a34859bd5b23de0233 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2020-08-05  Alan Modra  <amodra@gmail.com>
+
+       PR 26337
+       * objdump.c (load_specific_debug_section): Don't malloc space for
+       section contents, use bfd_malloc_and_get_section.
+
 2020-07-30  Rainer Orth  <ro@CeBiTec.Uni-Bielefeld.DE>
 
        * Makefile.am (AM_CPPFLAGS): Add LARGEFILE_CPPFLAGS.
diff --git a/binutils/objdump.c b/binutils/objdump.c
index 79ef05185637ecddbe0514c17ae34699ebddc8db..1b48cd3efdc9c19e80a79663ba814f16abc2a96a 100644 (file)
--- a/binutils/objdump.c
+++ b/binutils/objdump.c
@@ -3545,6 +3545,7 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
       if (streq (section->filename, bfd_get_filename (abfd)))
        return TRUE;
       free (section->start);
+      section->start = NULL;
     }
 
   section->filename = bfd_get_filename (abfd);
@@ -3557,22 +3558,20 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
   alloced = amt = section->size + 1;
   if (alloced != amt || alloced == 0)
     {
-      section->start = NULL;
       free_debug_section (debug);
       printf (_("\nSection '%s' has an invalid size: %#llx.\n"),
              sanitize_string (section->name),
              (unsigned long long) section->size);
       return FALSE;
     }
-  section->start = contents = malloc (alloced);
-  if (section->start == NULL
-      || !bfd_get_full_section_contents (abfd, sec, &contents))
+  if (!bfd_malloc_and_get_section (abfd, sec, &contents))
     {
       free_debug_section (debug);
       printf (_("\nCan't get contents for section '%s'.\n"),
              sanitize_string (section->name));
       return FALSE;
     }
+  section->start = contents;
   /* Ensure any string section has a terminating NUL.  */
   section->start[section->size] = 0;