authorNick Clifton <nickc@redhat.com>2014-11-10 14:18:45 +0000
committerNick Clifton <nickc@redhat.com>2014-11-10 14:27:38 +0000
commit36e9d67b868c85232ab630514260f0d9c9c6b27b (patch)
tree62b5f40c0cc1529cb235b367c505804dc4bfcd71 /bfd/opncls.c
parentb1f28d992c916eab861df3fa62d436755f874b62 (diff)
More fixes for problems exposed by valgrind and the address sanitizer
when displaying the contents of corrupt files. PR binutils/17521 * coff-i386.c (NUM_HOWTOS): New define. (RTYPE2HOWTO): Use it. (coff_i386_rtype_to_howto): Likewise. (coff_i386_reloc_name_lookup): Likewise. (CALC_ADDEND): Check that reloc r_type field is valid. * coff-x86_64.c (NUM_HOWTOS): New define. (RTYPE2HOWTO): Use it. (coff_amd64_rtype_to_howto): Likewise. (coff_amd64_reloc_name_lookup): Likewise. (CALC_ADDEND): Check that reloc r_type field is valid. * coffcode.h (coff_slurp_line_table): Check for symbol table indexing underflow. (coff_slurp_symbol_table): Use zalloc to ensure that all table entries are initialised. * coffgen.c (_bfd_coff_read_string_table): Initialise unused bits in the string table. Also ensure that the table is 0 terminated. (coff_get_normalized_symtab): Check for symbol table indexing underflow. * opncls.c (bfd_alloc): Catch the case where a small negative size can result in only 1 byte being allocated. (bfd_alloc2): Use bfd_alloc. * pe-mips.c (NUM_HOWTOS): New define. (coff_mips_reloc_name_lookup): Use it. (CALC_ADDEND): Check that reloc r_type field is valid. * peXXigen.c (_bfd_XXi_swap_aouthdr_in): Initialise unused entries in the DataDirectory. (pe_print_idata): Avoid reading beyond the end of the data block when printing strings. (pe_print_edata): Likewise. Check for table indexing underflow. * peicode.h (pe_mkobject): Initialise the pe_opthdr field. (pe_bfd_object_p): Allocate and initialize enough space to hold a PEAOUTHDR, even if the opt_hdr field specified less.
Diffstat (limited to 'bfd/opncls.c')
-rw-r--r--bfd/opncls.c26
1 files changed, 9 insertions, 17 deletions
diff --git a/bfd/opncls.c b/bfd/opncls.c
index a2a35f4e058..a22fba0b096 100644
--- a/bfd/opncls.c
+++ b/bfd/opncls.c
@@ -937,14 +937,19 @@ void *
bfd_alloc (bfd *abfd, bfd_size_type size)
{
void *ret;
+ unsigned long ul_size = (unsigned long) size;
- if (size != (unsigned long) size)
+ if (size != ul_size
+ /* A small negative size can result in objalloc_alloc allocating just
+ 1 byte of memory, but the caller will be expecting more. So catch
+ this case here. */
+ || (size != 0 && (((ul_size + OBJALLOC_ALIGN - 1) &~ (OBJALLOC_ALIGN - 1)) == 0)))
{
bfd_set_error (bfd_error_no_memory);
return NULL;
}
-
- ret = objalloc_alloc ((struct objalloc *) abfd->memory, (unsigned long) size);
+
+ ret = objalloc_alloc ((struct objalloc *) abfd->memory, ul_size);
if (ret == NULL)
bfd_set_error (bfd_error_no_memory);
return ret;
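Review bot: The wrap test added to the `if` condition re-implements the allocator's rounding expression (`(ul_size + OBJALLOC_ALIGN - 1) &~ (OBJALLOC_ALIGN - 1)`) in the caller, so it protects only requests that come through bfd_alloc and silently goes stale if objalloc's alignment arithmetic changes. It also rejects only the top `OBJALLOC_ALIGN - 1` values of unsigned long; a size just below that range still reaches objalloc_alloc, and whether the allocator later adds a chunk header to the length without its own overflow check cannot be seen from this hunk. Consider moving the check into objalloc itself, or at minimum extending the comment with `/* Mirrors the rounding done inside objalloc_alloc; keep the two in sync. */`. The `-`/`+` pair of otherwise empty lines after the closing brace looks like a whitespace-only change, possibly introducing trailing whitespace.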
@@ -965,8 +970,6 @@ DESCRIPTION
void *
bfd_alloc2 (bfd *abfd, bfd_size_type nmemb, bfd_size_type size)
{
- void *ret;
-
if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
&& size != 0
&& nmemb > ~(bfd_size_type) 0 / size)
@@ -975,18 +978,7 @@ bfd_alloc2 (bfd *abfd, bfd_size_type nmemb, bfd_size_type size)
return NULL;
}
- size *= nmemb;
-
- if (size != (unsigned long) size)
- {
- bfd_set_error (bfd_error_no_memory);
- return NULL;
- }
-
- ret = objalloc_alloc ((struct objalloc *) abfd->memory, (unsigned long) size);
- if (ret == NULL)
- bfd_set_error (bfd_error_no_memory);
- return ret;
+ return bfd_alloc (abfd, size * nmemb);
}
/*
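Review bot: The `size * nmemb` product handed to bfd_alloc has no check on its own line; it is safe only because of the `(nmemb | size) >= HALF_BFD_SIZE_TYPE` guard earlier in bfd_alloc2, and the fit-in-unsigned-long test now lives entirely in bfd_alloc. A one-line comment above the return would keep that invariant visible to anyone who later edits the guard, for example `/* size * nmemb cannot wrap here (checked above); bfd_alloc rejects values that do not fit in unsigned long. */`. The guard itself begins in the preceding hunk, so the two should be read together.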