From: Alan Modra
Date: Sun, 1 Mar 2020 23:45:36 +0000 (+1030)
Subject: alpha-coff: large memory allocation
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=7d4b2d2d29e2fc3af14d14412845615cc994cf91;p=binutils-gdb.git
alpha-coff: large memory allocation
* coff-alpha.c (alpha_ecoff_get_elt_at_filepos): Provide an upper limit to decompressed element size.
---
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index d37c2cd98d9..683bcfed85c 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2020-03-02 Alan Modra
+
+ * coff-alpha.c (alpha_ecoff_get_elt_at_filepos): Provide an upper
+ limit to decompressed element size.
+
 2020-03-02 Alan Modra
 * vms-lib.c (vms_traverse_index): Add recur_count param and
diff --git a/bfd/coff-alpha.c b/bfd/coff-alpha.c
index 4b39bcc999d..9a3ac089a67 100644
--- a/bfd/coff-alpha.c
+++ b/bfd/coff-alpha.c
@@ -2050,6 +2050,7 @@ alpha_ecoff_get_elt_at_filepos (bfd *archive, file_ptr filepos)
 bfd_size_type size;
 bfd_byte *buf, *p;
 struct bfd_in_memory *bim;
+ ufile_ptr filesize;
 buf = NULL;
 nbfd = _bfd_get_elt_at_filepos (archive, filepos);
@@ -2083,6 +2084,14 @@ alpha_ecoff_get_elt_at_filepos (bfd *archive, file_ptr filepos)
 goto error_return;
 size = H_GET_64 (nbfd, ab);
+ /* The decompression algorithm will at most expand by eight times. */
+ filesize = bfd_get_file_size (archive);
+ if (filesize != 0 && size / 8 > filesize)
+ {
+ bfd_set_error (bfd_error_malformed_archive);
+ goto error_return;
+ }
+
 if (size != 0)
 {
 bfd_size_type left;
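Review bot: In the `@@ -2083,6 +2084,14 @@` hunk of bfd/coff-alpha.c the new limit is skipped whenever `filesize` is 0, so on that path the 64-bit `size` read from the element header by `H_GET_64` reaches the `if (size != 0)` block with no upper bound at all. Presumably 0 is what bfd_get_file_size reports when it cannot determine the archive's size; if so the comment should say it, e.g. `/* A file size of 0 means unknown; size is not limited in that case. */`, and the code that consumes `size` later must still tolerate a huge value. The bound is also taken against the whole archive (`bfd_get_file_size (archive)`), not this element's compressed length, so it appears looser than the eight-times figure would permit. alpha_ecoff_get_elt_at_filepos begins before and continues past this hunk, so how `size` is used afterwards is not visible here.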