diff options
author | Nick Clifton <nickc@redhat.com> | 2020-01-03 14:41:02 +0000 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2020-01-03 14:41:02 +0000 |
commit | 7a0fb7be96e0ce79e1ae429bc1ba913e5244d537 (patch) | |
tree | 2cd6d1c387030ff641bee30455eee384d516d7a9 /bfd/elf32-arm.c | |
parent | a2322019f5669e80444cdf6a8222f94a45301b3a (diff) | |
download | binutils-gdb-7a0fb7be96e0ce79e1ae429bc1ba913e5244d537.tar.gz |
Fix potential illegal memory access failures in the BFD library by ensuring that the return value from bfd_malloc() is checked before it is used.
PR 25308
* elf-properties.c (_bfd_elf_convert_gnu_properties): Check the
return value from bfd_malloc.
* elf32-arm.c (bfd_elf32_arm_vfp11_fix_veneer_locations): Likewise.
(bfd_elf32_arm_stm32l4xx_fix_veneer_locations): Likewise.
(elf32_arm_filter_cmse_symbols): Likewise.
(elf32_arm_write_section): Likewise.
* mach-o.c (bfd_mach_o_core_fetch_environment): Likewise.
(bfd_mach_o_follow_dsym): Likewise.
* pef.c (bfd_pef_print_loader_section): Likewise.
(bfd_pef_scan_start_address): Likewise.
(bfd_pef_parse_function_stubs): Likewise.
(bfd_pef_parse_symbols): Likewise.
Diffstat (limited to 'bfd/elf32-arm.c')
-rw-r--r-- | bfd/elf32-arm.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c index ae8a269426c..2bf355a3312 100644 --- a/bfd/elf32-arm.c +++ b/bfd/elf32-arm.c @@ -7148,7 +7148,6 @@ find_arm_glue (struct bfd_link_info *link_info, tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen (name) + strlen (ARM2THUMB_GLUE_ENTRY_NAME) + 1); - BFD_ASSERT (tmp_name); sprintf (tmp_name, ARM2THUMB_GLUE_ENTRY_NAME, name); @@ -7323,7 +7322,6 @@ record_arm_to_thumb_glue (struct bfd_link_info * link_info, tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen (name) + strlen (ARM2THUMB_GLUE_ENTRY_NAME) + 1); - BFD_ASSERT (tmp_name); sprintf (tmp_name, ARM2THUMB_GLUE_ENTRY_NAME, name); @@ -7401,7 +7399,6 @@ record_arm_bx_glue (struct bfd_link_info * link_info, int reg) /* Add symbol for veneer. */ tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen (ARM_BX_GLUE_ENTRY_NAME) + 1); - BFD_ASSERT (tmp_name); sprintf (tmp_name, ARM_BX_GLUE_ENTRY_NAME, reg); @@ -7493,7 +7490,6 @@ record_vfp11_erratum_veneer (struct bfd_link_info *link_info, tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen (VFP11_ERRATUM_VENEER_ENTRY_NAME) + 10); - BFD_ASSERT (tmp_name); sprintf (tmp_name, VFP11_ERRATUM_VENEER_ENTRY_NAME, @@ -7613,7 +7609,6 @@ record_stm32l4xx_erratum_veneer (struct bfd_link_info *link_info, tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen (STM32L4XX_ERRATUM_VENEER_ENTRY_NAME) + 10); - BFD_ASSERT (tmp_name); sprintf (tmp_name, STM32L4XX_ERRATUM_VENEER_ENTRY_NAME, @@ -8644,6 +8639,7 @@ bfd_elf32_arm_vfp11_fix_veneer_locations (bfd *abfd, tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen (VFP11_ERRATUM_VENEER_ENTRY_NAME) + 10); + BFD_ASSERT (tmp_name); for (sec = abfd->sections; sec != NULL; sec = sec->next) { @@ -8731,6 +8727,7 @@ bfd_elf32_arm_stm32l4xx_fix_veneer_locations (bfd *abfd, tmp_name = (char *) bfd_malloc ((bfd_size_type) strlen (STM32L4XX_ERRATUM_VENEER_ENTRY_NAME) + 10); + BFD_ASSERT (tmp_name); for (sec = abfd->sections; sec != NULL; sec = sec->next) { @@ -18505,6 +18502,8 @@ elf32_arm_filter_cmse_symbols (bfd *abfd ATTRIBUTE_UNUSED, maxnamelen = 128; cmse_name = (char *) bfd_malloc (maxnamelen); + BFD_ASSERT (cmse_name); + for (src_count = 0; src_count < symcount; src_count++) { struct elf32_arm_link_hash_entry *cmse_hash; @@ -19700,6 +19699,8 @@ elf32_arm_write_section (bfd *output_bfd, unsigned int in_index, out_index; bfd_vma add_to_offsets = 0; + if (edited_contents == NULL) + return FALSE; for (in_index = 0, out_index = 0; in_index * 8 < input_size || edit_node;) { if (edit_node) |