Prevent an over large memory allocation in readelf when parsing a corrupt DWARF file.

PR 30227 * dwarf.c (process_cu_tu_index): Prevent excessive memory allocation when nused is large and ncols is zero.
2024-11-23 18:14:13 +08:00 · 2023-03-14 13:15:12 +00:00 · 2023-03-14 13:15:12 +00:00 · 97b75c421f
commit 97b75c421f
parent ff581559f9
2 changed files with 9 additions and 0 deletions
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@ -1,3 +1,9 @@
+2023-03-14  Nick Clifton  <nickc@redhat.com>
+
+	PR 30227
+	* dwarf.c (process_cu_tu_index): Prevent excessive memory
+	allocation when nused is large and ncols is zero.
+
 2023-02-09  Tom Tromey  <tromey@adacore.com>

 	* dwarf-mode.el: Bump version to 1.8.
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@ -10912,6 +10912,9 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
      if (nused == -1u
 	  || _mul_overflow ((size_t) ncols, 4, &temp)
 	  || _mul_overflow ((size_t) nused + 1, temp, &total)
+	  || total > (size_t) (limit - ppool)
+	  /* PR 30227: ncols could be 0.  */
+	  || _mul_overflow ((size_t) nused + 1, 4, &total)
 	  || total > (size_t) (limit - ppool))
 	{
 	  warn (_("Section %s too small for offset and size tables\n"),