Prevent an over large memory allocation in readelf when parsing a corrupt DWARF file.

author Nick Clifton <nickc@redhat.com>

Tue, 14 Mar 2023 13:15:12 +0000 (13:15 +0000)

committer Nick Clifton <nickc@redhat.com>

Tue, 14 Mar 2023 13:15:12 +0000 (13:15 +0000)
author Nick Clifton <nickc@redhat.com>
Tue, 14 Mar 2023 13:15:12 +0000 (13:15 +0000)
committer Nick Clifton <nickc@redhat.com>
Tue, 14 Mar 2023 13:15:12 +0000 (13:15 +0000)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog

index 94099d7940f65e0f760d1884be7c62859be7233c..10718ab1d67b6d00fe16d2f077e80b11c3df799d 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2023-03-14  Nick Clifton  <nickc@redhat.com>
+
+       PR 30227
+       * dwarf.c (process_cu_tu_index): Prevent excessive memory
+       allocation when nused is large and ncols is zero.
+
  2023-02-09  Tom Tromey  <tromey@adacore.com>
  
         * dwarf-mode.el: Bump version to 1.8.
diff --git a/binutils/dwarf.c b/binutils/dwarf.c

index a4799f0198c1ba6bdfaae28a2db88d1c2a6e4284..89b0b80d9490876ef66e135d36dc95df7e6048a0 100644 (file)
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -10912,6 +10912,9 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
        if (nused == -1u
           || _mul_overflow ((size_t) ncols, 4, &temp)
           || _mul_overflow ((size_t) nused + 1, temp, &total)
+         || total > (size_t) (limit - ppool)
+         /* PR 30227: ncols could be 0.  */
+         || _mul_overflow ((size_t) nused + 1, 4, &total)
           || total > (size_t) (limit - ppool))
         {
           warn (_("Section %s too small for offset and size tables\n"),
author	Nick Clifton <nickc@redhat.com>
	Tue, 14 Mar 2023 13:15:12 +0000 (13:15 +0000)
committer	Nick Clifton <nickc@redhat.com>
	Tue, 14 Mar 2023 13:15:12 +0000 (13:15 +0000)
binutils/ChangeLog		patch \| blob \| history
binutils/dwarf.c		patch \| blob \| history