+2020-08-03 Alan Modra <amodra@gmail.com>
+
+ PR 26330
+ * elf.c (_bfd_elf_get_symtab_upper_bound): Sanity check symbol table
+ size against file size. Correct LONG_MAX limit check.
+ (_bfd_elf_get_dynamic_symtab_upper_bound): Likewise.
+ (_bfd_elf_get_reloc_upper_bound): Don't check file size if writing.
+ (_bfd_elf_get_dynamic_reloc_upper_bound): Likewise.
+ * elf64-x86-64-.c (elf_x86_64_get_synthetic_symtab): Use
+ bfd_malloc_and_get_section.
+
2020-07-31 Alan Modra <amodra@gmail.com>
PR 26314
Elf_Internal_Shdr *hdr = &elf_tdata (abfd)->symtab_hdr;
symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym;
- if (symcount >= LONG_MAX / sizeof (asymbol *))
+ if (symcount > LONG_MAX / sizeof (asymbol *))
{
bfd_set_error (bfd_error_file_too_big);
return -1;
}
- symtab_size = (symcount + 1) * (sizeof (asymbol *));
- if (symcount > 0)
- symtab_size -= sizeof (asymbol *);
+ symtab_size = symcount * (sizeof (asymbol *));
+ if (symcount == 0)
+ symtab_size = sizeof (asymbol *);
+ else if (!bfd_write_p (abfd))
+ {
+ ufile_ptr filesize = bfd_get_file_size (abfd);
+
+ if (filesize != 0 && (unsigned long) symtab_size > filesize)
+ {
+ bfd_set_error (bfd_error_file_truncated);
+ return -1;
+ }
+ }
return symtab_size;
}
}
symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym;
- if (symcount >= LONG_MAX / sizeof (asymbol *))
+ if (symcount > LONG_MAX / sizeof (asymbol *))
{
bfd_set_error (bfd_error_file_too_big);
return -1;
}
- symtab_size = (symcount + 1) * (sizeof (asymbol *));
- if (symcount > 0)
- symtab_size -= sizeof (asymbol *);
+ symtab_size = symcount * (sizeof (asymbol *));
+ if (symcount == 0)
+ symtab_size = sizeof (asymbol *);
+ else if (!bfd_write_p (abfd))
+ {
+ ufile_ptr filesize = bfd_get_file_size (abfd);
+
+ if (filesize != 0 && (unsigned long) symtab_size > filesize)
+ {
+ bfd_set_error (bfd_error_file_truncated);
+ return -1;
+ }
+ }
return symtab_size;
}
long
_bfd_elf_get_reloc_upper_bound (bfd *abfd, sec_ptr asect)
{
- if (asect->reloc_count != 0)
+ if (asect->reloc_count != 0 && !bfd_write_p (abfd))
{
/* Sanity check reloc section size. */
struct bfd_elf_section_data *d = elf_section_data (asect);
return -1;
}
}
- if (count > 1)
+ if (count > 1 && !bfd_write_p (abfd))
{
/* Sanity check reloc section sizes. */
ufile_ptr filesize = bfd_get_file_size (abfd);
continue;
/* Get the PLT section contents. */
- plt_contents = (bfd_byte *) bfd_malloc (plt->size);
- if (plt_contents == NULL)
+ if (!bfd_malloc_and_get_section (abfd, plt, &plt_contents))
break;
- if (!bfd_get_section_contents (abfd, (asection *) plt,
- plt_contents, 0, plt->size))
- {
- free (plt_contents);
- break;
- }
/* Check what kind of PLT it is. */
plt_type = plt_unknown;
projects / binutils-gdb.git / commitdiff