mirror/binutils-gdb
2
0
Fork 0
mirror of https://sourceware.org/git/binutils-gdb.git synced 2024-11-27 03:51:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

som.c buffer overflow

Browse Source 
Fuzzed object files can put random values in bfd_reloc->address,
leading to large som_reloc_skip output.

	* som.c (som_write_fixups): Allow for maximal som_reloc_skip.
This commit is contained in:
Alan Modra 2022-10-26 11:26:34 +10:30
parent 6175be4175
commit 2f6ba62ed3
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
bfd/som.c
View File

@ -3005,10 +3005,12 @@ som_write_fixups (bfd *abfd,
then dump the current buffer contents now. Also reinitialize then dump the current buffer contents now. Also reinitialize
the relocation queue. the relocation queue.
No single BFD relocation could ever translate into more A single BFD relocation would probably only ever
than 100 bytes of SOM relocations (20bytes is probably the translate into at most 20 bytes of SOM relocations.
upper limit, but leave lots of space for growth). */ However with fuzzed object files and resulting silly
if (p - tmp_space + 100 > SOM_TMP_BUFSIZE) values for "skip" below, som_reloc_skip can emit 262
bytes. Leave lots of space for growth. */
if (p - tmp_space + 512 > SOM_TMP_BUFSIZE)
{ {
amt = p - tmp_space; amt = p - tmp_space;
if (bfd_bwrite ((void *) tmp_space, amt, abfd) != amt) if (bfd_bwrite ((void *) tmp_space, amt, abfd) != amt)