blob: f41c02a02b1124baed45cc79a37aaa63285224b3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Wed, 21 Dec 2022 11:51:23 +0000
Subject: [PATCH] Fix an attempt to allocate an unreasonably large amount of
memory when parsing a corrupt ELF file.
PR 29924
* objdump.c (load_specific_debug_section): Check for excessively
large sections.
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd]
CVE: CVE-2022-48063
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Comment: Patch refreshed based on codebase.
---
binutils/ChangeLog | 6 ++++++
binutils/objdump.c | 4 +++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index e7f918d3f65..020e09f3700 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2022-12-21 Nick Clifton <nickc@redhat.com>
+
+ PR 29924
+ * objdump.c (load_specific_debug_section): Check for excessively
+ large sections.
+
2021-02-11 Alan Modra <amodra@gmail.com>
PR 27290
diff --git a/binutils/objdump.c b/binutils/objdump.c
index d51abbe3858..2eb02de0e76 100644
--- a/binutils/objdump.c
+++ b/binutils/objdump.c
@@ -3479,7 +3479,9 @@
section->size = bfd_section_size (sec);
/* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
alloced = amt = section->size + 1;
- if (alloced != amt || alloced == 0)
+ if (alloced != amt
+ || alloced == 0
+ || (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd)))
{
section->start = NULL;
free_debug_section (debug);
|