Prevent a memory exhaustion problem when trying to read in strings from a COFF binary...

author Nick Clifton <nickc@redhat.com>

Tue, 28 Nov 2017 18:00:29 +0000 (18:00 +0000)

committer Nick Clifton <nickc@redhat.com>

Tue, 28 Nov 2017 18:00:29 +0000 (18:00 +0000)
author Nick Clifton <nickc@redhat.com>
Tue, 28 Nov 2017 18:00:29 +0000 (18:00 +0000)
committer Nick Clifton <nickc@redhat.com>
Tue, 28 Nov 2017 18:00:29 +0000 (18:00 +0000)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index 13ff8ad242e26c57b8123e774d71de9ec46a8d71..e8d75635930f7948e917c7e7b266b8dca35e0e47 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-11-28  Nick Clifton  <nickc@redhat.com>
+
+       PR 22507
+       * coffgen.c (_bfd_coff_read_string_table): Check for an excessive
+       size of the external string table.
+
  2017-11-28  Nick Clifton  <nickc@redhat.com>
  
         PR 22506
diff --git a/bfd/coffgen.c b/bfd/coffgen.c

index 81efd9b372435370a02043c0cfcbdc4c70d22366..7798dfcff00212919e36fe9404392a2dd2639110 100644 (file)
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1718,7 +1718,7 @@ _bfd_coff_read_string_table (bfd *abfd)
  #endif
      }
  
-  if (strsize < STRING_SIZE_SIZE)
+  if (strsize < STRING_SIZE_SIZE || strsize > bfd_get_file_size (abfd))
      {
        _bfd_error_handler
         /* xgettext: c-format */
@@ -1726,7 +1726,7 @@ _bfd_coff_read_string_table (bfd *abfd)
        bfd_set_error (bfd_error_bad_value);
        return NULL;
      }
-
+  
    strings = (char *) bfd_malloc (strsize + 1);
    if (strings == NULL)
      return NULL;
author	Nick Clifton <nickc@redhat.com>
	Tue, 28 Nov 2017 18:00:29 +0000 (18:00 +0000)
committer	Nick Clifton <nickc@redhat.com>
	Tue, 28 Nov 2017 18:00:29 +0000 (18:00 +0000)
bfd/ChangeLog		patch \| blob \| blame \| history
bfd/coffgen.c		patch \| blob \| blame \| history