git.efficios.com Git - deliverable/binutils-gdb.git/commit

author	Alan Modra <amodra@gmail.com>
	Fri, 21 Feb 2020 08:52:41 +0000 (19:22 +1030)
committer	Alan Modra <amodra@gmail.com>
	Fri, 21 Feb 2020 11:46:43 +0000 (22:16 +1030)
commit	a4425a57c7ad127b30cdfe271c870d5c8ebcfad7
tree	91eede9d47adea966fe1eaaf57a77b674f9be3c9	tree \| snapshot
parent	c7adb09f35ad70cefc75c328f7b5a23b19fb8c74	commit \| diff

Fuzzers whining about mach-o support

It's very easy to make bfd/mach-o.c allocate huge amounts of memory
with fuzzed binaries.  This make it a little harder.

The patch also fixes a number of places where an attempt to detect
overflow of multiplication was done with code like
  if (x * 4 < x)
    /* overflow case */
That of course doesn't work.  There are plenty of values of x that
overflow x * 4 but (x * 4) mod 2^n is greater than x.  For example
with 16-bit types, 0x6000 * 4 = 0x18000 mod 2^16 = 0x8000.

* mach-o.c (bfd_mach_o_canonicalize_relocs): Fix ineffective
overflow check.
(bfd_mach_o_canonicalize_reloc): Likewise.
(bfd_mach_o_canonicalize_dynamic_reloc): Likewise.  Sanity check
counts and offsets against file size.
(bfd_mach_o_build_dysymtab): Fix ineffective overflow check.
(bfd_mach_o_mangle_sections): Remove unnecessary overflow check.
(bfd_mach_o_read_symtab_symbols): Sanity check count and offset
against file size.  Delete symbol table error message.
(bfd_mach_o_read_dysymtab): Sanity check counts and offsets
against file size.
(bfd_mach_o_read_symtab): Likewise.
(bfd_mach_o_read_command): Pass file size.
(bfd_mach_o_scan): Sanity check command count against file size.

bfd/ChangeLog		diff \| blob \| blame \| history
bfd/mach-o.c		diff \| blob \| blame \| history