Fix memory access violations triggered by processing fuzzed binaries with a 32-bit version of readelf, compiled on a 64-bit host.

PR binutils/17531 * dwarf.c (xcmalloc): Fail if the arguments are too big. (xcrealloc): Likewise. (xcalloc2): Likewise.
2024-11-24 02:24:46 +08:00 · 2015-02-06 12:19:20 +00:00 · 2015-02-06 12:19:20 +00:00 · 8490fb409a
commit 8490fb409a
parent 5929c344f9
2 changed files with 23 additions and 3 deletions
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@ -4,6 +4,11 @@
 	* dwarf.c (display_debug_frames): Fix range checks to work on
 	32-bit binaries complied on a 64-bit host.

+	PR binutils/17531
+	* dwarf.c (xcmalloc): Fail if the arguments are too big.
+	(xcrealloc): Likewise.
+	(xcalloc2): Likewise.
+
 2015-02-05  Alan Modra  <amodra@gmail.com>

 	PR binutils/17926
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@ -7217,7 +7217,12 @@ xcmalloc (size_t nmemb, size_t size)
 {
  /* Check for overflow.  */
  if (nmemb >= ~(size_t) 0 / size)
-    return NULL;
+    {
+      fprintf (stderr,
+	       _("Attempt to allocate an array with an excessive number of elements: 0x%lx\n"),
+	       (long) nmemb);
+      xexit (1);
+    }

  return xmalloc (nmemb * size);
 }
@ -7230,7 +7235,12 @@ xcrealloc (void *ptr, size_t nmemb, size_t size)
 {
  /* Check for overflow.  */
  if (nmemb >= ~(size_t) 0 / size)
-    return NULL;
+    {
+      fprintf (stderr,
+	       _("Attempt to re-allocate an array with an excessive number of elements: 0x%lx\n"),
+	       (long) nmemb);
+      xexit (1);
+    }

  return xrealloc (ptr, nmemb * size);
 }
@ -7241,7 +7251,12 @@ xcalloc2 (size_t nmemb, size_t size)
 {
  /* Check for overflow.  */
  if (nmemb >= ~(size_t) 0 / size)
-    return NULL;
+    {
+      fprintf (stderr,
+	       _("Attempt to allocate a zero'ed array with an excessive number of elements: 0x%lx\n"),
+	       (long) nmemb);
+      xexit (1);
+    }

  return xcalloc (nmemb, size);
 }