commit 60a02042bacf8d25814430080adda61ed086bca6 Author: Nick Clifton Date: Fri Jun 30 11:03:37 2017 +0100 Fix failures in MMIX linker tests introduced by fix for PR 21665. PR binutils/21665 * objdump.c (disassemble_section): Move check for an overlarge section to just before the allocation of memory. Do not check section size against file size, but instead use an arbitrary 2Gb limit. Issue a warning message if the section is too big. Upstream-Status: CVE-2017-9955 CVE: CVE-2017-9955 Signed-off-by: Thiruvadi Rajaraman Index: git/binutils/objdump.c =================================================================== --- git.orig/binutils/objdump.c 2017-09-21 18:10:55.499217078 +0530 +++ git/binutils/objdump.c 2017-09-21 18:10:55.483216953 +0530 @@ -1973,7 +1973,7 @@ return; datasize = bfd_get_section_size (section); - if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd)) + if (datasize == 0) return; if (start_address == (bfd_vma) -1 @@ -2037,6 +2037,29 @@ } rel_ppend = rel_pp + rel_count; + /* PR 21665: Check for overlarge datasizes. + Note - we used to check for "datasize > bfd_get_file_size (abfd)" but + this fails when using compressed sections or compressed file formats + (eg MMO, tekhex). + + The call to xmalloc below will fail if too much memory is requested, + which will catch the problem in the normal use case. But if a memory + checker is in use, eg valgrind or sanitize, then an exception will + be still generated, so we try to catch the problem first. + + Unfortunately there is no simple way to determine how much memory can + be allocated by calling xmalloc. So instead we use a simple, arbitrary + limit of 2Gb. Hopefully this should be enough for most users. If + someone does start trying to disassemble sections larger then 2Gb in + size they will doubtless complain and we can increase the limit. */ +#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */ + if (datasize > MAX_XMALLOC) + { + non_fatal (_("Reading section %s failed because it is too big (%#lx)"), + section->name, (unsigned long) datasize); + return; + } + data = (bfd_byte *) xmalloc (datasize); bfd_get_section_contents (abfd, section, data, 0, datasize); Index: git/binutils/ChangeLog =================================================================== --- git.orig/binutils/ChangeLog 2017-09-21 17:57:10.448948416 +0530 +++ git/binutils/ChangeLog 2017-09-21 18:13:09.052268892 +0530 @@ -4,6 +4,14 @@ * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty string whilst concatenating symbol names. +2017-06-30 Nick Clifton + + PR binutils/21665 + * objdump.c (disassemble_section): Move check for an overlarge + section to just before the allocation of memory. Do not check + section size against file size, but instead use an arbitrary 2Gb + limit. Issue a warning message if the section is too big. + 2017-05-02 Nick Clifton PR 21440