|
 |
13ae24 |
diff -rup binutils.orig/bfd/elf-attrs.c binutils-2.30/bfd/elf-attrs.c
|
|
|
13ae24 |
--- binutils.orig/bfd/elf-attrs.c 2018-05-17 14:14:04.341805666 +0100
|
|
|
13ae24 |
+++ binutils-2.30/bfd/elf-attrs.c 2018-05-17 14:15:19.729952453 +0100
|
|
|
13ae24 |
@@ -438,6 +438,14 @@ _bfd_elf_parse_attributes (bfd *abfd, El
|
|
|
13ae24 |
/* PR 17512: file: 2844a11d. */
|
|
|
13ae24 |
if (hdr->sh_size == 0)
|
|
|
13ae24 |
return;
|
|
|
13ae24 |
+ if (hdr->sh_size > bfd_get_file_size (abfd))
|
|
|
13ae24 |
+ {
|
|
|
13ae24 |
+ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"),
|
|
|
13ae24 |
+ abfd, hdr->bfd_section, (long long) hdr->sh_size);
|
|
|
13ae24 |
+ bfd_set_error (bfd_error_invalid_operation);
|
|
|
13ae24 |
+ return;
|
|
|
13ae24 |
+ }
|
|
|
13ae24 |
+
|
|
|
13ae24 |
contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
|
|
|
13ae24 |
if (!contents)
|
|
|
13ae24 |
return;
|
|
|
13ae24 |
diff -rup binutils.orig/bfd/elf.c binutils-2.30/bfd/elf.c
|
|
|
13ae24 |
--- binutils.orig/bfd/elf.c 2018-05-17 14:14:04.326805836 +0100
|
|
|
13ae24 |
+++ binutils-2.30/bfd/elf.c 2018-05-17 14:15:59.412503342 +0100
|
|
|
13ae24 |
@@ -298,6 +298,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi
|
|
|
13ae24 |
/* Allocate and clear an extra byte at the end, to prevent crashes
|
|
|
13ae24 |
in case the string table is not terminated. */
|
|
|
13ae24 |
if (shstrtabsize + 1 <= 1
|
|
|
13ae24 |
+ || shstrtabsize > bfd_get_file_size (abfd)
|
|
|
13ae24 |
|| bfd_seek (abfd, offset, SEEK_SET) != 0
|
|
|
13ae24 |
|| (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL)
|
|
|
13ae24 |
shstrtab = NULL;
|