Blame SOURCES/binutils-CVE-2021-3487.patch
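--- binutils.orig/bfd/dwarf2.c 2021-04-14 14:24:18.945917267 +0100
+++ binutils-2.30/bfd/dwarf2.c 2021-04-14 14:25:51.908614106 +0100
@@ -532,6 +532,10 @@ read_section (bfd * abfd,
 /* The section may have already been read. */
 if (contents == NULL)
 {
+ bfd_size_type amt;
+ asection *msec;
+ ufile_ptr filesize;
+
 msec = bfd_get_section_by_name (abfd, section_name);
 if (! msec)
 {
@@ -547,10 +551,22 @@ read_section (bfd * abfd,
 return FALSE;
 }
 
- *section_size = msec->rawsize ? msec->rawsize : msec->size;
+ amt = bfd_get_section_limit_octets (abfd, msec);
+ filesize = bfd_get_file_size (abfd);
+ if (amt >= filesize)
+ {
+ /* PR 26946 */
+ _bfd_error_handler (_("DWARF error: section %s is larger than its filesize! (0x%lx vs 0x%lx)"),
+ section_name, (long) amt, (long) filesize);
+ bfd_set_error (bfd_error_bad_value);
+ return FALSE;
+ }
+ *section_size = amt;
+
 /* Paranoia - alloc one extra so that we can make sure a string
 section is NUL terminated. */
- amt = *section_size + 1;
+ amt += 1;
+
 if (amt == 0)
 {
 bfd_set_error (bfd_error_no_memory);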
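Review bot: The new `if (amt >= filesize)` guard in the second hunk treats whatever `bfd_get_file_size` returns as a real size, so if that call can return 0 when the size is not known (I believe it can, but this is not visible here and should be confirmed), every DWARF section of such a BFD is rejected as oversized. The unknown-size case should be decided explicitly, for example `if (filesize != 0 && amt >= filesize)`, with a comment stating that the allocation is then bounded only by the `amt == 0` wrap check that follows. Separately, the diagnostic casts both values with `(long)` for `0x%lx`, which truncates them on hosts where `long` is narrower than `bfd_size_type` or `ufile_ptr` and passes a signed argument to an unsigned conversion; `(unsigned long) amt, (unsigned long) filesize` at least matches the format. The body of read_section starts and ends outside these hunks, so how `amt` is used after the wrap check is not visible.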