* objcopy of mach-o indirect symbols
@ 2023-02-10 0:57 Alan Modra
From: Alan Modra @ 2023-02-10 0:57 UTC
To: binutils
Anti-fuzzer measure. I'm not sure what the correct fix is for
objcopy. Probably the BFD_MACH_O_S_NON_LAZY_SYMBOL_POINTERS,
BFD_MACH_O_S_LAZY_SYMBOL_POINTERS and BFD_MACH_O_S_SYMBOL_STUBS
contents should be read.
* mach-o.c (bfd_mach_o_section_get_nbr_indirect): Omit sections
with NULL sec->indirect_syms.
diff --git a/bfd/mach-o.c b/bfd/mach-o.c
index 15da219ba57..a910e1146ea 100644
--- a/bfd/mach-o.c
+++ b/bfd/mach-o.c
@@ -526,6 +526,15 @@ bfd_mach_o_section_get_nbr_indirect (bfd *abfd, bfd_mach_o_section *sec)
{
unsigned int elsz;
+ /* FIXME: This array is set by the assembler but does not seem to be
+ set anywhere for objcopy. Since bfd_mach_o_build_dysymtab will
+ not fill in output bfd_mach_o_dysymtab_command indirect_syms when
+ this array is NULL we may as well return zero for the size.
+ This is enough to stop objcopy allocating huge amounts of memory
+ for indirect symbols in fuzzed object files. */
+ if (sec->indirect_syms == NULL)
+ return 0;
+
elsz = bfd_mach_o_section_get_entry_size (abfd, sec);
if (elsz == 0)
return 0;
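Review bot: The new `if (sec->indirect_syms == NULL) return 0;` guard at the top of bfd_mach_o_section_get_nbr_indirect fails silently. By the FIXME's own account the array is never set on the objcopy path, so every section copied that way now reports zero indirect symbols and the output carries none, with no diagnostic to tell the user that data was dropped. The guard is reasonable as a stopgap against the huge allocation on fuzzed input, but consider emitting a warning when a section that should carry indirect symbols arrives here with a NULL array. The comment should also name the intended follow-up from the commit message (reading the BFD_MACH_O_S_NON_LAZY_SYMBOL_POINTERS, BFD_MACH_O_S_LAZY_SYMBOL_POINTERS and BFD_MACH_O_S_SYMBOL_STUBS contents), so the FIXME states what remains to be done rather than only why zero is returned.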
--
Alan Modra
Australia Development Lab, IBM