aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Modra <amodra@gmail.com>2022-11-11 13:43:42 +1030
committerAlan Modra <amodra@gmail.com>2022-11-11 18:05:36 +1030
commitf7502dfe3f99d09fba2fc49f806ccc6b0a18c06d (patch)
tree2647f5d77d7515971d4ece107bafb5c4520920ac /bfd/dwarf2.c
parentSanity check SHT_MIPS_OPTIONS size (diff)
downloadbinutils-gdb-f7502dfe3f99d09fba2fc49f806ccc6b0a18c06d.tar.gz
binutils-gdb-f7502dfe3f99d09fba2fc49f806ccc6b0a18c06d.tar.bz2
binutils-gdb-f7502dfe3f99d09fba2fc49f806ccc6b0a18c06d.zip
PR28834, PR26946 sanity checking section size
This patch provides a new function to sanity check section sizes. It's mostly extracted from what we had in bfd_get_full_section_contents but also handles compressed debug sections. Improvements are: - section file offset is taken into account, - added checks that a compressed section can be read from file. The function is then used when handling multiple .debug_* sections that need to be read into a single buffer, to sanity check sizes before allocating the buffer. PR 26946, PR 28834 * Makefile.am (LIBBFD_H_FILES): Add section.c. * compress.c (bfd_get_full_section_contents): Move section size sanity checks.. * section.c (_bfd_section_size_insane): ..to here. New function. * dwarf2.c (read_section): Use _bfd_section_size_insane. (_bfd_dwarf2_slurp_debug_info): Likewise. * Makefile.in: Regenerate. * libbfd.h: Regenerate.
Diffstat (limited to 'bfd/dwarf2.c')
-rw-r--r--bfd/dwarf2.c20
1 files changed, 7 insertions, 13 deletions
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
index 364cc9a6480..95f45708e9d 100644
--- a/bfd/dwarf2.c
+++ b/bfd/dwarf2.c
@@ -690,7 +690,6 @@ read_section (bfd *abfd,
{
bfd_size_type amt;
asection *msec;
- ufile_ptr filesize;
msec = bfd_get_section_by_name (abfd, section_name);
if (msec == NULL)
@@ -706,20 +705,14 @@ read_section (bfd *abfd,
return false;
}
- amt = bfd_get_section_limit_octets (abfd, msec);
- filesize = bfd_get_file_size (abfd);
- /* PR 28834: A compressed debug section could well decompress to a size
- larger than the file, so we choose an arbitrary modifier of 10x in
- the test below. If this ever turns out to be insufficient, it can
- be changed by a future update. */
- if (amt >= filesize * 10)
+ if (_bfd_section_size_insane (abfd, msec))
{
/* PR 26946 */
- _bfd_error_handler (_("DWARF error: section %s is larger than 10x its filesize! (0x%lx vs 0x%lx)"),
- section_name, (long) amt, (long) filesize);
- bfd_set_error (bfd_error_bad_value);
+ _bfd_error_handler (_("DWARF error: section %s is too big"),
+ section_name);
return false;
}
+ amt = bfd_get_section_limit_octets (abfd, msec);
*section_size = amt;
/* Paranoia - alloc one extra so that we can make sure a string
section is NUL terminated. */
@@ -5496,9 +5489,10 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd,
msec;
msec = find_debug_info (debug_bfd, debug_sections, msec))
{
+ if (_bfd_section_size_insane (debug_bfd, msec))
+ return false;
/* Catch PR25070 testcase overflowing size calculation here. */
- if (total_size + msec->size < total_size
- || total_size + msec->size < msec->size)
+ if (total_size + msec->size < total_size)
{
bfd_set_error (bfd_error_no_memory);
return false;