This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
gold patch: add check for attempt to map beyond end of file
- From: "Cary Coutant" <ccoutant at google dot com>
- To: Binutils <binutils at sourceware dot org>
- Date: Tue, 9 Sep 2008 10:49:40 -0700
- Subject: gold patch: add check for attempt to map beyond end of file
We encountered a gold crash upon encountering a corrupt archive file,
causing gold to use garbage values for offset and size when trying to
mmap a portion of the input file. Because of arithmetic overflow, the
existing checks did not prevent the crash. The attached gold patch
adds an additional sanity check to File_read::make_view.
OK?
-cary
2008-09-05 Cary Coutant <ccoutant@google.com>
* fileread.cc (File_read::make_view): Add check for attempt to map
beyond end of file.
Index: fileread.cc
===================================================================
RCS file: /cvs/src/src/gold/fileread.cc,v
retrieving revision 1.43
diff -u -p -r1.43 fileread.cc
--- fileread.cc 21 Aug 2008 00:30:13 -0000 1.43
+++ fileread.cc 9 Sep 2008 17:48:31 -0000
@@ -355,6 +355,14 @@ File_read::make_view(off_t start, sectio
{
gold_assert(size > 0);
+ // Check that start and end of the view are within the file.
+ if (start > this->size_ || size > this->size_ - start)
+ gold_fatal(_("%s: attempt to map %lld bytes at offset %lld exceeds "
+ "size of file; the file may be corrupt"),
+ this->filename().c_str(),
+ static_cast<long long>(size),
+ static_cast<long long>(start));
+
off_t poff = File_read::page_offset(start);
section_size_type psize = File_read::pages(size + (start - poff));
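Review bot: the new condition on the `if` line does not reject a negative `start`. `start` is a signed `off_t`, and the message above says the offset can be a garbage value from a corrupt archive; when `start < 0`, the test `start > this->size_` is false and `this->size_ - start` is larger than the file size (or overflows, if `size_` is also a signed type), so the check can pass and the negative offset still reaches `File_read::page_offset(start)`. Suggest `if (start < 0 || start > this->size_ || size > this->size_ - start)`. A smaller point on the same line: `size > this->size_ - start` compares `size` against a difference involving an `off_t`; if the type of `size` is unsigned, an explicit cast on the right-hand side (safe once `start` is known to lie in `[0, size_]`) would make the conversion intentional rather than implicit.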