From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <nickc@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2124)
 id 462F53858000; Wed, 21 Dec 2022 11:52:01 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 462F53858000
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Nick Clifton <nickc@sourceware.org>
To: bfd-cvs@sourceware.org
Subject: [binutils-gdb] Fix an attempt to allocate an unreasonably large
 amount of memory when parsing a corrupt ELF file.
X-Act-Checkin: binutils-gdb
X-Git-Author: Nick Clifton <nickc@redhat.com>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: a7a32d588f29466221f5b4d421d0fc0a652dae48
X-Git-Newrev: 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
Message-Id: <20221221115201.462F53858000@sourceware.org>
Date: Wed, 21 Dec 2022 11:52:01 +0000 (GMT)
X-BeenThere: binutils-cvs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Binutils-cvs mailing list <binutils-cvs.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils-cvs>,
 <mailto:binutils-cvs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils-cvs/>
List-Help: <mailto:binutils-cvs-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils-cvs>,
 <mailto:binutils-cvs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Dec 2022 11:52:01 -0000

https://sourceware.org/git/gitweb.cgi?p=3Dbinutils-gdb.git;h=3D75393a2d54bc=
c40053e5262a3de9d70c5ebfbbfd

commit 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
Author: Nick Clifton <nickc@redhat.com>
Date:   Wed Dec 21 11:51:23 2022 +0000

    Fix an attempt to allocate an unreasonably large amount of memory when =
parsing a corrupt ELF file.
   =20
            PR  29924
            * objdump.c (load_specific_debug_section): Check for excessively
            large sections.

Diff:
---
 binutils/ChangeLog | 6 ++++++
 binutils/objdump.c | 4 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index e7f918d3f65..020e09f3700 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2022-12-21  Nick Clifton  <nickc@redhat.com>
+
+	PR  29924
+	* objdump.c (load_specific_debug_section): Check for excessively
+	large sections.
+
 2022-12-19  Tom Tromey  <tromey@adacore.com>
=20
 	* dwarf-mode.el (dwarf-do-refresh): Avoid compiler warning.
diff --git a/binutils/objdump.c b/binutils/objdump.c
index d51abbe3858..2eb02de0e76 100644
--- a/binutils/objdump.c
+++ b/binutils/objdump.c
@@ -4225,7 +4225,9 @@ load_specific_debug_section (enum dwarf_section_displ=
ay_enum debug,
   section->size =3D bfd_section_size (sec);
   /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
   alloced =3D amt =3D section->size + 1;
-  if (alloced !=3D amt || alloced =3D=3D 0)
+  if (alloced !=3D amt
+      || alloced =3D=3D 0
+      || (bfd_get_size (abfd) !=3D 0 && alloced >=3D bfd_get_size (abfd)))
     {
       section->start =3D NULL;
       free_debug_section (debug);