PR 22809
* elf.c (bfd_elf_get_str_section): Check for an excessively large
string section.
* elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
attribute section is larger than the size of the file.
+2018-05-08 Nick Clifton <nickc@redhat.com>
+
+ PR 22809
+ * elf.c (bfd_elf_get_str_section): Check for an excessively large
+ string section.
+ * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
+ attribute section is larger than the size of the file.
+
2018-05-07 Alan Modra <amodra@gmail.com>
* cofflink.c (_bfd_coff_link_input_bfd): Use memcmp rather than
/* PR 17512: file: 2844a11d. */
if (hdr->sh_size == 0)
return;
+ if (hdr->sh_size > bfd_get_file_size (abfd))
+ {
+ /* xgettext:c-format */
+ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"),
+ abfd, hdr->bfd_section, (long long) hdr->sh_size);
+ bfd_set_error (bfd_error_invalid_operation);
+ return;
+ }
+
contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
if (!contents)
return;
/* Allocate and clear an extra byte at the end, to prevent crashes
in case the string table is not terminated. */
if (shstrtabsize + 1 <= 1
+ || shstrtabsize > bfd_get_file_size (abfd)
|| bfd_seek (abfd, offset, SEEK_SET) != 0
|| (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL)
shstrtab = NULL;
projects / binutils-gdb.git / commitdiff