From 8490fb409a37072389da7cafc3a92255e9a34c98 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Fri, 6 Feb 2015 12:19:20 +0000
Subject: [PATCH] Fix memory access violations triggered by processing fuzzed binaries with a 32-bit version of readelf, compiled on a 64-bit host. PR binutils/17531 * dwarf.c (xcmalloc): Fail if the arguments are too big. (xcrealloc): Likewise. (xcalloc2): Likewise.
---
 binutils/ChangeLog | 5 +++++
 binutils/dwarf.c | 21 ++++++++++++++++++---
 2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 6cd306a83f..9e682c1a90 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -4,6 +4,11 @@ * dwarf.c (display_debug_frames): Fix range checks to work on 32-bit binaries complied on a 64-bit host.
+ PR binutils/17531
+ * dwarf.c (xcmalloc): Fail if the arguments are too big.
+ (xcrealloc): Likewise.
+ (xcalloc2): Likewise.
+ 2015-02-05 Alan Modra PR binutils/17926
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 2edacb8392..cebd8c9b76 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7217,7 +7217,12 @@ xcmalloc (size_t nmemb, size_t size)
 {
 /* Check for overflow. */
 if (nmemb >= ~(size_t) 0 / size)
- return NULL;
+ {
+ fprintf (stderr,
+ _("Attempt to allocate an array with an excessive number of elements: 0x%lx\n"),
+ (long) nmemb);
+ xexit (1);
+ }
 return xmalloc (nmemb * size);
 }
@@ -7230,7 +7235,12 @@ xcrealloc (void *ptr, size_t nmemb, size_t size)
 {
 /* Check for overflow. */
 if (nmemb >= ~(size_t) 0 / size)
- return NULL;
+ {
+ fprintf (stderr,
+ _("Attempt to re-allocate an array with an excessive number of elements: 0x%lx\n"),
+ (long) nmemb);
+ xexit (1);
+ }
 return xrealloc (ptr, nmemb * size);
 }
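Review bot: The guard `if (nmemb >= ~(size_t) 0 / size)` in xcmalloc divides by `size` with no zero check, so a call with `size == 0` is a division by zero before the new diagnostic and `xexit (1)` can run; the xcrealloc and xcalloc2 hunks keep the same guard. The callers are outside this patch, so whether a zero element size can arrive is not visible here, but a wrapper meant to fail safely on malformed input should not have an undefined path of its own: `if (size != 0 && nmemb >= ~(size_t) 0 / size)`. Each function's header comment should also say that the function now terminates the program on overflow instead of returning NULL, for example `/* Exits with an error message if NMEMB * SIZE would overflow.  */`. Each definition begins above its hunk; only the body from `{` onward is shown.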
@@ -7241,7 +7251,12 @@ xcalloc2 (size_t nmemb, size_t size)
 {
 /* Check for overflow. */
 if (nmemb >= ~(size_t) 0 / size)
- return NULL;
+ {
+ fprintf (stderr,
+ _("Attempt to allocate a zero'ed array with an excessive number of elements: 0x%lx\n"),
+ (long) nmemb);
+ xexit (1);
+ }
 return xcalloc (nmemb, size);
 }
--
2.34.1
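Review bot: The added message in xcalloc2 formats the count with `%lx`, which expects an `unsigned long`, but passes `(long) nmemb`; the argument should be cast to match the conversion, `(unsigned long) nmemb);`. The same cast is used in the xcmalloc and xcrealloc messages. On a host where `long` is narrower than `size_t`, either cast drops the high bits, so the printed count can be smaller than the value that was rejected. That matters for triaging a malformed input from this diagnostic. The function's signature line sits above the hunk.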