30 lines
1.3 KiB
Diff
30 lines
1.3 KiB
Diff
diff -rup binutils.orig/bfd/elf-attrs.c binutils-2.30/bfd/elf-attrs.c
|
|
--- binutils.orig/bfd/elf-attrs.c 2018-05-17 14:14:04.341805666 +0100
|
|
+++ binutils-2.30/bfd/elf-attrs.c 2018-05-17 14:15:19.729952453 +0100
|
|
@@ -438,6 +438,14 @@ _bfd_elf_parse_attributes (bfd *abfd, El
|
|
/* PR 17512: file: 2844a11d. */
|
|
if (hdr->sh_size == 0)
|
|
return;
|
|
+ if (hdr->sh_size > bfd_get_file_size (abfd))
|
|
+ {
|
|
+ _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"),
|
|
+ abfd, hdr->bfd_section, (long long) hdr->sh_size);
|
|
+ bfd_set_error (bfd_error_invalid_operation);
|
|
+ return;
|
|
+ }
|
|
+
|
|
contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
|
|
if (!contents)
|
|
return;
|
|
diff -rup binutils.orig/bfd/elf.c binutils-2.30/bfd/elf.c
|
|
--- binutils.orig/bfd/elf.c 2018-05-17 14:14:04.326805836 +0100
|
|
+++ binutils-2.30/bfd/elf.c 2018-05-17 14:15:59.412503342 +0100
|
|
@@ -298,6 +298,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi
|
|
/* Allocate and clear an extra byte at the end, to prevent crashes
|
|
in case the string table is not terminated. */
|
|
if (shstrtabsize + 1 <= 1
|
|
+ || shstrtabsize > bfd_get_file_size (abfd)
|
|
|| bfd_seek (abfd, offset, SEEK_SET) != 0
|
|
|| (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL)
|
|
shstrtab = NULL;
|