From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <nickc@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2124)
 id 14CEF3856DE8; Wed, 27 Sep 2023 15:09:37 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 14CEF3856DE8
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Nick Clifton <nickc@sourceware.org>
To: bfd-cvs@sourceware.org
Subject: [binutils-gdb] nm: heap-buffer-overflow at elfcode.h:1507 in
 bfd_elf64_slurp_symbol_table
X-Act-Checkin: binutils-gdb
X-Git-Author: Nick Clifton <nickc@redhat.com>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 58bceb182740111d66fb0afa4b7941a5937dc492
X-Git-Newrev: 4befded43f524d0840bb88fff7b77415b73a3851
Message-Id: <20230927150937.14CEF3856DE8@sourceware.org>
Date: Wed, 27 Sep 2023 15:09:37 +0000 (GMT)
X-BeenThere: binutils-cvs@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Binutils-cvs mailing list <binutils-cvs.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils-cvs>,
 <mailto:binutils-cvs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils-cvs/>
List-Help: <mailto:binutils-cvs-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils-cvs>,
 <mailto:binutils-cvs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Sep 2023 15:09:37 -0000

https://sourceware.org/git/gitweb.cgi?p=3Dbinutils-gdb.git;h=3D4befded43f52=
4d0840bb88fff7b77415b73a3851

commit 4befded43f524d0840bb88fff7b77415b73a3851
Author: Nick Clifton <nickc@redhat.com>
Date:   Wed Sep 27 16:09:06 2023 +0100

    nm: heap-buffer-overflow at elfcode.h:1507 in bfd_elf64_slurp_symbol_ta=
ble
   =20
      PR 30885
      * elfcode.h (elf_slurp_symbol_table): Compute the symcount for non dy=
namic symbols in the same way as _bfd_elf_get_symtab_upper_bound.

Diff:
---
 bfd/ChangeLog | 6 ++++++
 bfd/elfcode.h | 7 +++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 4b0544a2ac9..2eee20fae0c 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2023-09-27  Nick Clifton  <nickc@redhat.com>
+
+	PR 30885
+	* elfcode.h (elf_slurp_symbol_table): Compute the symcount for non
+	dynamic symbols in the same way as _bfd_elf_get_symtab_upper_bound.
+
 2023-09-13  Jacob Navia  <jacob@jacob.remcomp.fr>
=20
 	* elf.c (_bfd_elf_init_reloc_shdr): Don't segfault on alloc fail.
diff --git a/bfd/elfcode.h b/bfd/elfcode.h
index 92e727b73e7..ab8c3eaaf4c 100644
--- a/bfd/elfcode.h
+++ b/bfd/elfcode.h
@@ -1255,11 +1255,13 @@ elf_slurp_symbol_table (bfd *abfd, asymbol **symptr=
s, bool dynamic)
      symbols.  We actually use all the ELF symbols, so there will be no
      space left over at the end.  When we have all the symbols, we
      build the caller's pointer vector.  */
+  ebd =3D get_elf_backend_data (abfd);
=20
   if (! dynamic)
     {
       hdr =3D &elf_tdata (abfd)->symtab_hdr;
       verhdr =3D NULL;
+      symcount =3D hdr->sh_size / ebd->s->sizeof_sym;
     }
   else
     {
@@ -1278,12 +1280,13 @@ elf_slurp_symbol_table (bfd *abfd, asymbol **symptr=
s, bool dynamic)
 	  if (!_bfd_elf_slurp_version_tables (abfd, false))
 	    return -1;
 	}
+
+      symcount =3D elf_tdata (abfd)->dt_symtab_count;
     }
=20
-  ebd =3D get_elf_backend_data (abfd);
-  symcount =3D elf_tdata (abfd)->dt_symtab_count;
   if (symcount =3D=3D 0)
     symcount =3D hdr->sh_size / sizeof (Elf_External_Sym);
+
   if (symcount =3D=3D 0)
     sym =3D symbase =3D NULL;
   else