From: Nick Clifton Date: Tue, 28 Nov 2017 18:00:29 +0000 (+0000) Subject: Prevent a memory exhaustion problem when trying to read in strings from a COFF binary... X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=b0029dce6867de1a2828293177b0e030d2f0f03c;p=binutils-gdb.git Prevent a memory exhaustion problem when trying to read in strings from a COFF binary with a corrupt string table size. PR 22507 * coffgen.c (_bfd_coff_read_string_table): Check for an excessive size of the external string table. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 13ff8ad242e..e8d75635930 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2017-11-28 Nick Clifton + + PR 22507 + * coffgen.c (_bfd_coff_read_string_table): Check for an excessive + size of the external string table. + 2017-11-28 Nick Clifton PR 22506 diff --git a/bfd/coffgen.c b/bfd/coffgen.c index 81efd9b3724..7798dfcff00 100644 --- a/bfd/coffgen.c +++ b/bfd/coffgen.c @@ -1718,7 +1718,7 @@ _bfd_coff_read_string_table (bfd *abfd) #endif } - if (strsize < STRING_SIZE_SIZE) + if (strsize < STRING_SIZE_SIZE || strsize > bfd_get_file_size (abfd)) { _bfd_error_handler /* xgettext: c-format */ @@ -1726,7 +1726,7 @@ _bfd_coff_read_string_table (bfd *abfd) bfd_set_error (bfd_error_bad_value); return NULL; } - + strings = (char *) bfd_malloc (strsize + 1); if (strings == NULL) return NULL;