From patchwork Fri Mar 17 10:46:10 2023
X-Patchwork-Submitter: Alan Modra
X-Patchwork-Id: 71237
Date: Fri, 17 Mar 2023 21:16:10 +1030
From: Alan Modra
To: binutils@sourceware.org
Subject: mach-o: out of memory in get_dynamic_reloc_upper_bound
List-Id: Binutils mailing list

	* mach-o.c (bfd_mach_o_canonicalize_dynamic_reloc): Move sanity checks..
	(bfd_mach_o_get_dynamic_reloc_upper_bound): ..to here.

diff --git a/bfd/mach-o.c b/bfd/mach-o.c index 0a91095a5d6..9b9aba5ae89 100644 --- a/bfd/mach-o.c +++ b/bfd/mach-o.c
@@ -1701,11 +1701,36 @@ long bfd_mach_o_get_dynamic_reloc_upper_bound (bfd *abfd) { bfd_mach_o_data_struct *mdata = bfd_mach_o_get_data (abfd); + bfd_mach_o_dysymtab_command *dysymtab = mdata->dysymtab; - if (mdata->dysymtab == NULL) + if (dysymtab == NULL) return 1; - return (mdata->dysymtab->nextrel + mdata->dysymtab->nlocrel + 1) - * sizeof (arelent *); + + ufile_ptr filesize = bfd_get_file_size (abfd); + size_t amt; + + if (filesize != 0) + { + if (dysymtab->extreloff > filesize + || dysymtab->nextrel > ((filesize - dysymtab->extreloff) + / BFD_MACH_O_RELENT_SIZE) + || dysymtab->locreloff > filesize + || dysymtab->nlocrel > ((filesize - dysymtab->locreloff) + / BFD_MACH_O_RELENT_SIZE)) + { + bfd_set_error (bfd_error_file_truncated); + return -1; + } + } + if (dysymtab->nextrel + dysymtab->nlocrel < dysymtab->nextrel + || _bfd_mul_overflow (dysymtab->nextrel + dysymtab->nlocrel, + sizeof (arelent), &amt)) + { + bfd_set_error (bfd_error_file_too_big); + return -1; + } + + return (dysymtab->nextrel + dysymtab->nlocrel + 1) * sizeof (arelent *); } long @@ -1729,29 +1754,7 @@ bfd_mach_o_canonicalize_dynamic_reloc (bfd *abfd, arelent **rels, if (mdata->dyn_reloc_cache == NULL) { - ufile_ptr filesize = bfd_get_file_size (abfd); - size_t amt; - - if (filesize != 0) - { - if (dysymtab->extreloff > filesize - || dysymtab->nextrel > ((filesize - dysymtab->extreloff) - / BFD_MACH_O_RELENT_SIZE) - || dysymtab->locreloff > filesize - || dysymtab->nlocrel > ((filesize - dysymtab->locreloff) - / BFD_MACH_O_RELENT_SIZE)) - { - bfd_set_error (bfd_error_file_truncated); - return -1; - } - } - if (_bfd_mul_overflow (dysymtab->nextrel + dysymtab->nlocrel, - sizeof (arelent), &amt)) - { - bfd_set_error (bfd_error_file_too_big); - return -1; - } - + size_t amt = (dysymtab->nextrel + dysymtab->nlocrel) * sizeof (arelent); res = bfd_malloc (amt); if (res == NULL) return -1;
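Review bot: In bfd_mach_o_get_dynamic_reloc_upper_bound (first hunk), the new checks cover nextrel + nlocrel and its product with sizeof (arelent), but not the value that is actually returned. The `+ 1` in `(dysymtab->nextrel + dysymtab->nlocrel + 1) * sizeof (arelent *)` is evaluated after the wrap test, so if the field type is narrower than size_t (the hunk does not show it) a sum at that type's maximum passes both tests and then wraps to 0 before the multiply. The size_t product is also converted to the `long` return type without a range check. This matters most on the filesize == 0 path, where the file-size bounds are skipped and the overflow test is the only limit. Suggest computing the count once into a size_t local, running _bfd_mul_overflow on count + 1 against sizeof (arelent *) as well, and returning -1 with bfd_error_file_too_big when the result exceeds LONG_MAX. Separately, `amt` is written but never read in this function; a short comment saying it exists only as the _bfd_mul_overflow output would help the next reader.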
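Review bot: In bfd_mach_o_canonicalize_dynamic_reloc (second hunk), `size_t amt = (dysymtab->nextrel + dysymtab->nlocrel) * sizeof (arelent);` is now an unchecked multiplication feeding bfd_malloc, and the extreloff/locreloff bounds checks no longer run in this function. Its safety therefore depends on the caller having called bfd_mach_o_get_dynamic_reloc_upper_bound first and having honoured a -1 return, and nothing in the hunk states or enforces that precondition. Suggest a comment above this line naming the dependency, and either keeping the _bfd_mul_overflow test here (it only runs when dyn_reloc_cache is NULL, so the cost is negligible) or recording in mdata that the bounds were validated, so that a direct call cannot reach bfd_malloc with a wrapped, undersized amt.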