This is the mail archive of the binutils-cvs@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[binutils-gdb] PR22166, SHT_GNU_verneed memory allocation

From: Alan Modra <amodra at sourceware dot org>
To: bfd-cvs at sourceware dot org
Date: 24 Sep 2017 06:47:48 -0000
Subject: [binutils-gdb] PR22166, SHT_GNU_verneed memory allocation

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6

commit bd61e135492ecf624880e6b78e5fcde3c9716df6
Author: Alan Modra <amodra@gmail.com>
Date:   Sun Sep 24 14:34:57 2017 +0930

    PR22166, SHT_GNU_verneed memory allocation
    
    The sanity check covers the previous minimim size, plus that the size
    is at least enough for sh_info verneed entries.
    
    Also, since we write all verneed fields or exit with an error, there
    isn't any need to zero the memory allocated for verneed entries.
    
    	PR 22166
    	* elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
    	SHT_GNU_verneed section for sanity.  Don't zalloc memory for
    	verref.

Diff:
---
 bfd/ChangeLog | 7 +++++++
 bfd/elf.c     | 5 +++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 9b4cb08..af04da9 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2017-09-24  Alan Modra  <amodra@gmail.com>
+
+	PR 22166
+	* elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
+	SHT_GNU_verneed section for sanity.  Don't zalloc memory for
+	verref.
+
 2017-09-22  H.J. Lu  <hongjiu.lu@intel.com>
 
 	PR binutils/22170
diff --git a/bfd/elf.c b/bfd/elf.c
index 9b61f06..38dba48 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -8198,7 +8198,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bfd_boolean default_imported_symver)
 
       hdr = &elf_tdata (abfd)->dynverref_hdr;
 
-      if (hdr->sh_info == 0 || hdr->sh_size < sizeof (Elf_External_Verneed))
+      if (hdr->sh_info == 0
+	  || hdr->sh_info > hdr->sh_size / sizeof (Elf_External_Verneed))
 	{
 error_return_bad_verref:
 	  _bfd_error_handler
@@ -8219,7 +8220,7 @@ error_return_verref:
 	goto error_return_verref;
 
       elf_tdata (abfd)->verref = (Elf_Internal_Verneed *)
-	bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
+	bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
 
       if (elf_tdata (abfd)->verref == NULL)
 	goto error_return_verref;

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]