2ea649d73a
Fix a potential memory exhaustion in the BFD library when parsing corrupt DWARF debug information. (#1771678)
21 lines
789 B
Diff
21 lines
789 B
Diff
--- binutils.orig/bfd/dwarf2.c 2019-11-13 11:32:09.395430104 +0000
|
|
+++ binutils-2.33.1/bfd/dwarf2.c 2019-11-13 11:33:17.272899503 +0000
|
|
@@ -4440,7 +4440,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd,
|
|
for (total_size = 0;
|
|
msec;
|
|
msec = find_debug_info (debug_bfd, debug_sections, msec))
|
|
- total_size += msec->size;
|
|
+ {
|
|
+ /* Catch PR25070 testcase overflowing size calculation here. */
|
|
+ if (total_size + msec->size < total_size
|
|
+ || total_size + msec->size < msec->size)
|
|
+ {
|
|
+ bfd_set_error (bfd_error_no_memory);
|
|
+ return FALSE;
|
|
+ }
|
|
+ total_size += msec->size;
|
|
+ }
|
|
|
|
stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
|
|
if (stash->info_ptr_memory == NULL)
|