81 lines
3.1 KiB
Diff
81 lines
3.1 KiB
Diff
From 60a02042bacf8d25814430080adda61ed086bca6 Mon Sep 17 00:00:00 2001
|
|
From: Nick Clifton <nickc@redhat.com>
|
|
Date: Fri, 30 Jun 2017 11:03:37 +0100
|
|
Subject: [PATCH] Fix failures in MMIX linker tests introduced by fix for PR
|
|
21665.
|
|
|
|
PR binutils/21665
|
|
* objdump.c (disassemble_section): Move check for an overlarge
|
|
section to just before the allocation of memory. Do not check
|
|
section size against file size, but instead use an arbitrary 2Gb
|
|
limit. Issue a warning message if the section is too big.
|
|
|
|
Upstream-Status: Backport
|
|
CVE: CVE-2017-9955 #7
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
|
|
---
|
|
binutils/ChangeLog | 8 ++++++++
|
|
binutils/objdump.c | 25 ++++++++++++++++++++++++-
|
|
2 files changed, 32 insertions(+), 1 deletion(-)
|
|
|
|
Index: git/binutils/objdump.c
|
|
===================================================================
|
|
--- git.orig/binutils/objdump.c
|
|
+++ git/binutils/objdump.c
|
|
@@ -2048,7 +2048,7 @@ disassemble_section (bfd *abfd, asection
|
|
return;
|
|
|
|
datasize = bfd_get_section_size (section);
|
|
- if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd))
|
|
+ if (datasize == 0)
|
|
return;
|
|
|
|
if (start_address == (bfd_vma) -1
|
|
@@ -2112,6 +2112,29 @@ disassemble_section (bfd *abfd, asection
|
|
}
|
|
rel_ppend = rel_pp + rel_count;
|
|
|
|
+ /* PR 21665: Check for overlarge datasizes.
|
|
+ Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
|
|
+ this fails when using compressed sections or compressed file formats
|
|
+ (eg MMO, tekhex).
|
|
+
|
|
+ The call to xmalloc below will fail if too much memory is requested,
|
|
+ which will catch the problem in the normal use case. But if a memory
|
|
+ checker is in use, eg valgrind or sanitize, then an exception will
|
|
+ be still generated, so we try to catch the problem first.
|
|
+
|
|
+ Unfortunately there is no simple way to determine how much memory can
|
|
+ be allocated by calling xmalloc. So instead we use a simple, arbitrary
|
|
+ limit of 2Gb. Hopefully this should be enough for most users. If
|
|
+ someone does start trying to disassemble sections larger then 2Gb in
|
|
+ size they will doubtless complain and we can increase the limit. */
|
|
+#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
|
|
+ if (datasize > MAX_XMALLOC)
|
|
+ {
|
|
+ non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
|
|
+ section->name, (unsigned long) datasize);
|
|
+ return;
|
|
+ }
|
|
+
|
|
data = (bfd_byte *) xmalloc (datasize);
|
|
|
|
bfd_get_section_contents (abfd, section, data, 0, datasize);
|
|
Index: git/binutils/ChangeLog
|
|
===================================================================
|
|
--- git.orig/binutils/ChangeLog
|
|
+++ git/binutils/ChangeLog
|
|
@@ -1,3 +1,11 @@
|
|
+2017-06-30 Nick Clifton <nickc@redhat.com>
|
|
+
|
|
+ PR binutils/21665
|
|
+ * objdump.c (disassemble_section): Move check for an overlarge
|
|
+ section to just before the allocation of memory. Do not check
|
|
+ section size against file size, but instead use an arbitrary 2Gb
|
|
+ limit. Issue a warning message if the section is too big.
|
|
+
|
|
2017-06-26 Nick Clifton <nickc@redhat.com>
|
|
|
|
PR binutils/21665
|