From patchwork Fri Feb 3 05:40:53 2023
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 52314
Date: Fri, 3 Feb 2023 16:10:53 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: Add ECOFF Symbolic Header sanity checks

Anti-fuzzer measures. The checks don't ensure the various elements in
the header are distinct, but that isn't important as far as making
sure we don't overrun the buffer containing all the elements. Also,
we now don't care about offsets where the corresponding count is zero.

	* ecoff.c (_bfd_ecoff_slurp_symbolic_info): Sanity check offsets in
	debug->symbolic_header.

diff --git a/bfd/ecoff.c b/bfd/ecoff.c index 717d2fa2c75..48f33df630e 100644 --- a/bfd/ecoff.c +++ b/bfd/ecoff.c
@@ -527,12 +527,24 @@ _bfd_ecoff_slurp_symbolic_info (bfd *abfd, documented section. And the ordering of the sections varies between statically and dynamically linked executables. If bfd supports SEEK_END someday, this code could be simplified. */ - raw_end = 0; + raw_end = raw_base; #define UPDATE_RAW_END(start, count, size) \ - cb_end = internal_symhdr->start + internal_symhdr->count * (size); \ - if (cb_end > raw_end) \ - raw_end = cb_end + do \ + if (internal_symhdr->count != 0) \ + { \ + if (internal_symhdr->start < raw_base) \ + goto err; \ + if (_bfd_mul_overflow ((unsigned long) internal_symhdr->count, \ + (size), &amt)) \ + goto err; \ + cb_end = internal_symhdr->start + amt; \ + if (cb_end < internal_symhdr->start) \ + goto err; \ + if (cb_end > raw_end) \ + raw_end = cb_end; \ + } \ + while (0) UPDATE_RAW_END (cbLineOffset, cbLine, sizeof (unsigned char)); UPDATE_RAW_END (cbDnOffset, idnMax, backend->debug_swap.external_dnr_size); @@ -599,6 +611,7 @@ _bfd_ecoff_slurp_symbolic_info (bfd *abfd, if (_bfd_mul_overflow ((unsigned long) internal_symhdr->ifdMax, sizeof (struct fdr), &amt)) { + err: bfd_set_error (bfd_error_file_too_big); return false; }
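Review bot: In the first hunk, UPDATE_RAW_END rejects a start below raw_base and a cb_end that wraps, but nothing in the macro bounds cb_end from above, so a header whose offset is very large and whose count is nonzero still produces a very large raw_end. Please confirm that the code which sizes and reads the raw_end - raw_base buffer compares that size against the file size, and say so in the comment above the macro. The same comment should mention that entries with a zero count are skipped and that the macro relies on amt, raw_base and the err label, since the hidden "goto err" is easy to miss at the call sites. Also check the cast in "(unsigned long) internal_symhdr->count": if the count field is wider than unsigned long on some host, the value is truncated before _bfd_mul_overflow sees it.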
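Review bot: In the second hunk, the err: label is placed inside the body of the "if (_bfd_mul_overflow (... ifdMax ...))" block, so every "goto err" from UPDATE_RAW_END jumps into another statement's block and reports bfd_error_file_too_big, even when the failing test was "internal_symhdr->start < raw_base", which is a malformed header rather than a size problem. A separate error exit for the offset checks would be clearer, with bfd_error_bad_value as the more precise code for the bad-offset case; at minimum add a comment at the label naming UPDATE_RAW_END as its other user so a later edit to this if block does not silently change the macro's failure path.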