public inbox for binutils-cvs@sourceware.org
* [binutils-gdb] nm: heap-buffer-overflow at elfcode.h:1507 in bfd_elf64_slurp_symbol_table
@ 2023-09-27 15:09 Nick Clifton
From: Nick Clifton @ 2023-09-27 15:09 UTC
  To: bfd-cvs

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4befded43f524d0840bb88fff7b77415b73a3851

commit 4befded43f524d0840bb88fff7b77415b73a3851
Author: Nick Clifton <nickc@redhat.com>
Date:   Wed Sep 27 16:09:06 2023 +0100

    nm: heap-buffer-overflow at elfcode.h:1507 in bfd_elf64_slurp_symbol_table
    
      PR 30885
      * elfcode.h (elf_slurp_symbol_table): Compute the symcount for non dynamic symbols in the same way as _bfd_elf_get_symtab_upper_bound.

Diff:
---
 bfd/ChangeLog | 6 ++++++
 bfd/elfcode.h | 7 +++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 4b0544a2ac9..2eee20fae0c 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2023-09-27  Nick Clifton  <nickc@redhat.com>
+
+	PR 30885
+	* elfcode.h (elf_slurp_symbol_table): Compute the symcount for non
+	dynamic symbols in the same way as _bfd_elf_get_symtab_upper_bound.
+
 2023-09-13  Jacob Navia  <jacob@jacob.remcomp.fr>
 
 	* elf.c (_bfd_elf_init_reloc_shdr): Don't segfault on alloc fail.
diff --git a/bfd/elfcode.h b/bfd/elfcode.h
index 92e727b73e7..ab8c3eaaf4c 100644
--- a/bfd/elfcode.h
+++ b/bfd/elfcode.h
@@ -1255,11 +1255,13 @@ elf_slurp_symbol_table (bfd *abfd, asymbol **symptrs, bool dynamic)
      symbols.  We actually use all the ELF symbols, so there will be no
      space left over at the end.  When we have all the symbols, we
      build the caller's pointer vector.  */
+  ebd = get_elf_backend_data (abfd);
 
   if (! dynamic)
     {
       hdr = &elf_tdata (abfd)->symtab_hdr;
       verhdr = NULL;
+      symcount = hdr->sh_size / ebd->s->sizeof_sym;
     }
   else
     {
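
Review bot: the new symcount assignment in the non-dynamic branch carries no comment saying that it has to stay in step with _bfd_elf_get_symtab_upper_bound, which the commit message gives as the whole reason for the change. A short comment above symcount = hdr->sh_size / ebd->s->sizeof_sym naming that function would keep a later edit from letting the two counts drift apart again. The diffstat also lists only bfd/ChangeLog and bfd/elfcode.h, so no regression test for PR 30885 comes with the fix; a testsuite entry would be worth adding.
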
@@ -1278,12 +1280,13 @@ elf_slurp_symbol_table (bfd *abfd, asymbol **symptrs, bool dynamic)
 	  if (!_bfd_elf_slurp_version_tables (abfd, false))
 	    return -1;
 	}
+
+      symcount = elf_tdata (abfd)->dt_symtab_count;
     }
 
-  ebd = get_elf_backend_data (abfd);
-  symcount = elf_tdata (abfd)->dt_symtab_count;
   if (symcount == 0)
     symcount = hdr->sh_size / sizeof (Elf_External_Sym);
+
   if (symcount == 0)
     sym = symbase = NULL;
   else
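
Review bot: the fallback kept below the branches, if (symcount == 0) symcount = hdr->sh_size / sizeof (Elf_External_Sym), divides by a different size than the ebd->s->sizeof_sym used for the non-dynamic count in the previous hunk. On the non-dynamic path it now runs only when that first division already gave zero, and where the two sizes differ it can replace that zero with a non-zero count computed the old way. Suggest moving the fallback into the dynamic branch, or dividing by ebd->s->sizeof_sym there as well, so that one divisor governs the count.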
