* Fuzzed files in archives
@ 2022-10-27 7:36 Alan Modra
0 siblings, 0 replies; 2+ messages in thread
From: Alan Modra @ 2022-10-27 7:36 UTC (permalink / raw)
To: binutils
Given a fuzzed object file in an archive with section size exceeding
file size, objcopy will report an error like "section size (0xfeffffff
bytes) is larger than file size (0x17a bytes)" but will create a copy
of the object laid out for the large section. That means a large
temporary file on disk that is read back and written to the output
archive, which can take a while. The output archive is then deleted
due to the error. Avoid some of this silliness.
* objcopy.c (copy_section): If section contents cannot be read
set output section size to zero.
diff --git a/binutils/objcopy.c b/binutils/objcopy.c
index 6ffbdf9c681..d20aaef9f4f 100644
--- a/binutils/objcopy.c
+++ b/binutils/objcopy.c
@@ -4418,6 +4418,7 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg)
|| !bfd_convert_section_contents (ibfd, isection, obfd,
&memhunk, &size))
{
+ bfd_set_section_size (osection, 0);
status = 1;
bfd_nonfatal_message (NULL, ibfd, isection, NULL);
free (memhunk);
--
Alan Modra
Australia Development Lab, IBM
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Fuzzed files in archives
@ 2022-11-09 7:03 Alan Modra
0 siblings, 0 replies; 2+ messages in thread
From: Alan Modra @ 2022-11-09 7:03 UTC (permalink / raw)
To: binutils
Like commit ffbe89531c2e this avoids more silliness writing output
that is going to be deleted. bfd_close and bfd_close_all_done differ
in that only the former calls _bfd_write_contents.
* objcopy.c (copy_archive): Don't call bfd_close for elements
that are going to be deleted, call bfd_close_all_done instead.
Do the same for the archive itself.
diff --git a/binutils/objcopy.c b/binutils/objcopy.c
index 03350babb69..d886e3ae343 100644
--- a/binutils/objcopy.c
+++ b/binutils/objcopy.c
@@ -3670,23 +3670,16 @@ copy_archive (bfd *ibfd, bfd *obfd, const char *output_target,
if (del && bfd_get_arch (this_element) == bfd_arch_unknown)
/* Try again as an unknown object file. */
ok_object = false;
- else if (!bfd_close (output_bfd))
- {
- bfd_nonfatal_message (output_name, NULL, NULL, NULL);
- /* Error in new object file. Don't change archive. */
- status = 1;
- }
}
if (!ok_object)
+ del = !copy_unknown_object (this_element, output_bfd);
+
+ if (!(ok_object && !del ? bfd_close : bfd_close_all_done) (output_bfd))
{
- del = !copy_unknown_object (this_element, output_bfd);
- if (!bfd_close_all_done (output_bfd))
- {
- bfd_nonfatal_message (output_name, NULL, NULL, NULL);
- /* Error in new object file. Don't change archive. */
- status = 1;
- }
+ bfd_nonfatal_message (output_name, NULL, NULL, NULL);
+ /* Error in new object file. Don't change archive. */
+ status = 1;
}
if (del)
@@ -3717,7 +3710,7 @@ copy_archive (bfd *ibfd, bfd *obfd, const char *output_target,
*ptr = NULL;
filename = bfd_get_filename (obfd);
- if (!bfd_close (obfd))
+ if (!(status == 0 ? bfd_close : bfd_close_all_done) (obfd))
{
status = 1;
bfd_nonfatal_message (filename, NULL, NULL, NULL);
--
Alan Modra
Australia Development Lab, IBM
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-11-09 7:03 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-27 7:36 Fuzzed files in archives Alan Modra
2022-11-09 7:03 Alan Modra
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).