| From 60a02042bacf8d25814430080adda61ed086bca6 Mon Sep 17 00:00:00 2001 |
| From: Nick Clifton <nickc@redhat.com> |
| Date: Fri, 30 Jun 2017 11:03:37 +0100 |
| Subject: [PATCH] Fix failures in MMIX linker tests introduced by fix for PR |
| 21665. |
| |
| PR binutils/21665 |
| * objdump.c (disassemble_section): Move check for an overlarge |
| section to just before the allocation of memory. Do not check |
| section size against file size, but instead use an arbitrary 2Gb |
| limit. Issue a warning message if the section is too big. |
| |
| Upstream-Status: Backport |
| CVE: CVE-2017-9955 #7 |
| Signed-off-by: Armin Kuster <akuster@mvista.com> |
| |
| --- |
| binutils/ChangeLog | 8 ++++++++ |
| binutils/objdump.c | 25 ++++++++++++++++++++++++- |
| 2 files changed, 32 insertions(+), 1 deletion(-) |
| |
| Index: git/binutils/objdump.c |
| =================================================================== |
| --- git.orig/binutils/objdump.c |
| +++ git/binutils/objdump.c |
| @@ -2048,7 +2048,7 @@ disassemble_section (bfd *abfd, asection |
| return; |
| |
| datasize = bfd_get_section_size (section); |
| - if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd)) |
| + if (datasize == 0) |
| return; |
| |
| if (start_address == (bfd_vma) -1 |
| @@ -2112,6 +2112,29 @@ disassemble_section (bfd *abfd, asection |
| } |
| rel_ppend = rel_pp + rel_count; |
| |
| + /* PR 21665: Check for overlarge datasizes. |
| + Note - we used to check for "datasize > bfd_get_file_size (abfd)" but |
| + this fails when using compressed sections or compressed file formats |
| + (eg MMO, tekhex). |
| + |
| + The call to xmalloc below will fail if too much memory is requested, |
| + which will catch the problem in the normal use case. But if a memory |
| + checker is in use, eg valgrind or sanitize, then an exception will |
| + be still generated, so we try to catch the problem first. |
| + |
| + Unfortunately there is no simple way to determine how much memory can |
| + be allocated by calling xmalloc. So instead we use a simple, arbitrary |
| + limit of 2Gb. Hopefully this should be enough for most users. If |
| + someone does start trying to disassemble sections larger then 2Gb in |
| + size they will doubtless complain and we can increase the limit. */ |
| +#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */ |
| + if (datasize > MAX_XMALLOC) |
| + { |
| + non_fatal (_("Reading section %s failed because it is too big (%#lx)"), |
| + section->name, (unsigned long) datasize); |
| + return; |
| + } |
| + |
| data = (bfd_byte *) xmalloc (datasize); |
| |
| bfd_get_section_contents (abfd, section, data, 0, datasize); |
| Index: git/binutils/ChangeLog |
| =================================================================== |
| --- git.orig/binutils/ChangeLog |
| +++ git/binutils/ChangeLog |
| @@ -1,3 +1,11 @@ |
| +2017-06-30 Nick Clifton <nickc@redhat.com> |
| + |
| + PR binutils/21665 |
| + * objdump.c (disassemble_section): Move check for an overlarge |
| + section to just before the allocation of memory. Do not check |
| + section size against file size, but instead use an arbitrary 2Gb |
| + limit. Issue a warning message if the section is too big. |
| + |
| 2017-06-26 Nick Clifton <nickc@redhat.com> |
| |
| PR binutils/21665 |