188 lines
6.3 KiB
Diff
188 lines
6.3 KiB
Diff
From bae7501e87ab614115d9d3213b4dd18d96e604db Mon Sep 17 00:00:00 2001
|
|
From: Alan Modra <amodra@gmail.com>
|
|
Date: Sat, 1 Jul 2017 21:58:10 +0930
|
|
Subject: [PATCH] Use bfd_malloc_and_get_section
|
|
|
|
It's nicer than xmalloc followed by bfd_get_section_contents, since
|
|
xmalloc exits on failure and needs a check that its size_t arg doesn't
|
|
lose high bits when converted from bfd_size_type.
|
|
|
|
PR binutils/21665
|
|
* objdump.c (strtab): Make var a bfd_byte*.
|
|
(disassemble_section): Don't limit malloc size. Instead, use
|
|
bfd_malloc_and_get_section.
|
|
(read_section_stabs): Use bfd_malloc_and_get_section. Return
|
|
bfd_byte*.
|
|
(find_stabs_section): Remove now unnecessary cast.
|
|
* objcopy.c (copy_object): Use bfd_malloc_and_get_section. Free
|
|
contents on error return.
|
|
* nlmconv.c (copy_sections): Use bfd_malloc_and_get_section.
|
|
|
|
Upstream-Status: Backport
|
|
CVE: CVE-2017-9955 #8
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
|
|
---
|
|
binutils/ChangeLog | 13 +++++++++++++
|
|
binutils/nlmconv.c | 6 ++----
|
|
binutils/objcopy.c | 5 +++--
|
|
binutils/objdump.c | 44 +++++++-------------------------------------
|
|
4 files changed, 25 insertions(+), 43 deletions(-)
|
|
|
|
Index: git/binutils/ChangeLog
|
|
===================================================================
|
|
--- git.orig/binutils/ChangeLog
|
|
+++ git/binutils/ChangeLog
|
|
@@ -1,3 +1,16 @@
|
|
+2017-07-01 Alan Modra <amodra@gmail.com>
|
|
+
|
|
+ PR binutils/21665
|
|
+ * objdump.c (strtab): Make var a bfd_byte*.
|
|
+ (disassemble_section): Don't limit malloc size. Instead, use
|
|
+ bfd_malloc_and_get_section.
|
|
+ (read_section_stabs): Use bfd_malloc_and_get_section. Return
|
|
+ bfd_byte*.
|
|
+ (find_stabs_section): Remove now unnecessary cast.
|
|
+ * objcopy.c (copy_object): Use bfd_malloc_and_get_section. Free
|
|
+ contents on error return.
|
|
+ * nlmconv.c (copy_sections): Use bfd_malloc_and_get_section.
|
|
+
|
|
2017-06-30 Nick Clifton <nickc@redhat.com>
|
|
|
|
PR binutils/21665
|
|
Index: git/binutils/nlmconv.c
|
|
===================================================================
|
|
--- git.orig/binutils/nlmconv.c
|
|
+++ git/binutils/nlmconv.c
|
|
@@ -1224,7 +1224,7 @@ copy_sections (bfd *inbfd, asection *ins
|
|
const char *inname;
|
|
asection *outsec;
|
|
bfd_size_type size;
|
|
- void *contents;
|
|
+ bfd_byte *contents;
|
|
long reloc_size;
|
|
bfd_byte buf[4];
|
|
bfd_size_type add;
|
|
@@ -1240,9 +1240,7 @@ copy_sections (bfd *inbfd, asection *ins
|
|
contents = NULL;
|
|
else
|
|
{
|
|
- contents = xmalloc (size);
|
|
- if (! bfd_get_section_contents (inbfd, insec, contents,
|
|
- (file_ptr) 0, size))
|
|
+ if (!bfd_malloc_and_get_section (inbfd, insec, &contents))
|
|
bfd_fatal (bfd_get_filename (inbfd));
|
|
}
|
|
|
|
Index: git/binutils/objdump.c
|
|
===================================================================
|
|
--- git.orig/binutils/objdump.c
|
|
+++ git/binutils/objdump.c
|
|
@@ -180,7 +180,7 @@ static long dynsymcount = 0;
|
|
static bfd_byte *stabs;
|
|
static bfd_size_type stab_size;
|
|
|
|
-static char *strtab;
|
|
+static bfd_byte *strtab;
|
|
static bfd_size_type stabstr_size;
|
|
|
|
static bfd_boolean is_relocatable = FALSE;
|
|
@@ -2112,29 +2112,6 @@ disassemble_section (bfd *abfd, asection
|
|
}
|
|
rel_ppend = rel_pp + rel_count;
|
|
|
|
- /* PR 21665: Check for overlarge datasizes.
|
|
- Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
|
|
- this fails when using compressed sections or compressed file formats
|
|
- (eg MMO, tekhex).
|
|
-
|
|
- The call to xmalloc below will fail if too much memory is requested,
|
|
- which will catch the problem in the normal use case. But if a memory
|
|
- checker is in use, eg valgrind or sanitize, then an exception will
|
|
- be still generated, so we try to catch the problem first.
|
|
-
|
|
- Unfortunately there is no simple way to determine how much memory can
|
|
- be allocated by calling xmalloc. So instead we use a simple, arbitrary
|
|
- limit of 2Gb. Hopefully this should be enough for most users. If
|
|
- someone does start trying to disassemble sections larger then 2Gb in
|
|
- size they will doubtless complain and we can increase the limit. */
|
|
-#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
|
|
- if (datasize > MAX_XMALLOC)
|
|
- {
|
|
- non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
|
|
- section->name, (unsigned long) datasize);
|
|
- return;
|
|
- }
|
|
-
|
|
data = (bfd_byte *) xmalloc (datasize);
|
|
|
|
bfd_get_section_contents (abfd, section, data, 0, datasize);
|
|
@@ -2652,12 +2629,11 @@ dump_dwarf (bfd *abfd)
|
|
/* Read ABFD's stabs section STABSECT_NAME, and return a pointer to
|
|
it. Return NULL on failure. */
|
|
|
|
-static char *
|
|
+static bfd_byte *
|
|
read_section_stabs (bfd *abfd, const char *sect_name, bfd_size_type *size_ptr)
|
|
{
|
|
asection *stabsect;
|
|
- bfd_size_type size;
|
|
- char *contents;
|
|
+ bfd_byte *contents;
|
|
|
|
stabsect = bfd_get_section_by_name (abfd, sect_name);
|
|
if (stabsect == NULL)
|
|
@@ -2666,10 +2642,7 @@ read_section_stabs (bfd *abfd, const cha
|
|
return FALSE;
|
|
}
|
|
|
|
- size = bfd_section_size (abfd, stabsect);
|
|
- contents = (char *) xmalloc (size);
|
|
-
|
|
- if (! bfd_get_section_contents (abfd, stabsect, contents, 0, size))
|
|
+ if (!bfd_malloc_and_get_section (abfd, stabsect, &contents))
|
|
{
|
|
non_fatal (_("reading %s section of %s failed: %s"),
|
|
sect_name, bfd_get_filename (abfd),
|
|
@@ -2679,7 +2652,7 @@ read_section_stabs (bfd *abfd, const cha
|
|
return NULL;
|
|
}
|
|
|
|
- *size_ptr = size;
|
|
+ *size_ptr = bfd_section_size (abfd, stabsect);
|
|
|
|
return contents;
|
|
}
|
|
@@ -2806,8 +2779,7 @@ find_stabs_section (bfd *abfd, asection
|
|
|
|
if (strtab)
|
|
{
|
|
- stabs = (bfd_byte *) read_section_stabs (abfd, section->name,
|
|
- &stab_size);
|
|
+ stabs = read_section_stabs (abfd, section->name, &stab_size);
|
|
if (stabs)
|
|
print_section_stabs (abfd, section->name, &sought->string_offset);
|
|
}
|
|
Index: git/binutils/objcopy.c
|
|
===================================================================
|
|
--- git.orig/binutils/objcopy.c
|
|
+++ git/binutils/objcopy.c
|
|
@@ -2186,14 +2186,15 @@ copy_object (bfd *ibfd, bfd *obfd, const
|
|
continue;
|
|
}
|
|
|
|
- bfd_byte * contents = xmalloc (size);
|
|
- if (bfd_get_section_contents (ibfd, sec, contents, 0, size))
|
|
+ bfd_byte *contents;
|
|
+ if (bfd_malloc_and_get_section (ibfd, sec, &contents))
|
|
{
|
|
if (fwrite (contents, 1, size, f) != size)
|
|
{
|
|
non_fatal (_("error writing section contents to %s (error: %s)"),
|
|
pdump->filename,
|
|
strerror (errno));
|
|
+ free (contents);
|
|
return FALSE;
|
|
}
|
|
}
|