path: root/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch
blob: e31a027b9f46f5a1d139180b8e5cb3f7da88fd2a (plain)
From: Alan Modra <amodra@gmail.com>
Date: Mon, 12 Dec 2022 08:31:08 +0000 (+1030)
Subject: PR29892, Field file_table of struct module is uninitialized
X-Git-Tag: gdb-13-branchpoint~86
X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7

PR29892, Field file_table of struct module is uninitialized

	PR 29892
	* vms-alpha.c (new_module): Use bfd_zmalloc to alloc file_table.
	(parse_module): Rewrite file_table reallocation code and clear.

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7]

CVE: CVE-2023-25585

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>

---

diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 3b63259cc81..6ee7060b0b2 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -4337,7 +4337,7 @@ new_module (bfd *abfd)
     = (struct module *) bfd_zalloc (abfd, sizeof (struct module));
   module->file_table_count = 16; /* Arbitrary.  */
   module->file_table
-    = bfd_malloc (module->file_table_count * sizeof (struct fileinfo));
+    = bfd_zmalloc (module->file_table_count * sizeof (struct fileinfo));
   return module;
 }

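Review bot: Neither allocation in new_module is checked for failure: the `bfd_zalloc` result is dereferenced on the next line (`module->file_table_count = 16;`) and the `bfd_zmalloc` result is stored without a NULL test. Zeroing the table removes the uninitialized read, but if the second allocation fails, file_table is NULL while file_table_count stays 16, so the `module->file_table [fileid].name = filename;` store in parse_module would write through a NULL pointer for any fileid below 16. Consider adding `if (module == NULL) return NULL;` after the first allocation and `if (module->file_table == NULL) return NULL;` after the second. Callers are outside this hunk, so whether they tolerate a NULL return needs confirming.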
@@ -4520,15 +4520,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
		       src_ptr + DST_S_B_SRC_DF_FILENAME,
		       ptr + rec_length - (src_ptr + DST_S_B_SRC_DF_FILENAME));

-		    while (fileid >= module->file_table_count)
+		    if (fileid >= module->file_table_count)
		      {
-			module->file_table_count *= 2;
+			unsigned int old_count = module->file_table_count;
+			module->file_table_count += fileid;
			module->file_table
			  = bfd_realloc_or_free (module->file_table,
						 module->file_table_count
						 * sizeof (struct fileinfo));
			if (module->file_table == NULL)
			  return false;
+			memset (module->file_table + old_count, 0,
+				fileid * sizeof (struct fileinfo));
		      }

		    module->file_table [fileid].name = filename;
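Review bot: The growth step `module->file_table_count += fileid;` and the following `module->file_table_count * sizeof (struct fileinfo)` are computed without an overflow check, and fileid appears to be taken from the record being parsed (its declaration is outside the hunk, so its width is not visible here). If fileid is not bounded to a small range, either expression could wrap and leave the table with fewer than `fileid + 1` entries before the store to `module->file_table [fileid]`. A one-line comment stating the bound on fileid, or a guard that returns false when the new count would overflow, would make that assumption explicit. The memset length is also tied to the growth policy; writing it as `(module->file_table_count - old_count) * sizeof (struct fileinfo)` would keep the clear correct if the growth amount is ever changed.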