GNU Binutils with patches for OS216
修订版 | c616591359a014fcfdb5acb48e70ecda0823fb46 (tree) |
---|---|
时间 | 2016-08-30 21:51:43 |
作者 | Nick Clifton <nickc@redh...> |
Commiter | Nick Clifton |
Partially revert previous delta - move limit testing code to first scan over symbol file.
PR gprof/20499
* corefile.c (num_of_syms_in): Return an unsigned int.
Fail if the count exceeds the maximum possible allocatable size.
(core_create_syms_from): Exit early if num_of_syms_in returns a
failure code.
@@ -2,10 +2,9 @@ | ||
2 | 2 | |
3 | 3 | PR gprof/20499 |
4 | 4 | * corefile.c (num_of_syms_in): Return an unsigned int. |
5 | - (core_create_syms_from): Catch a possible integer overflow | |
6 | - computing the argument to xmalloc. Also allow for the possibility | |
7 | - that an integer overflow in num_of_syms_in means that less space | |
8 | - has been allocated than expected. | |
5 | + Fail if the count exceeds the maximum possible allocatable size. | |
6 | + (core_create_syms_from): Exit early if num_of_syms_in returns a | |
7 | + failure code. | |
9 | 8 | |
10 | 9 | 2016-08-23 Nick Clifton <nickc@redhat.com> |
11 | 10 |
@@ -28,6 +28,7 @@ | ||
28 | 28 | #include "hist.h" |
29 | 29 | #include "corefile.h" |
30 | 30 | #include "safe-ctype.h" |
31 | +#include <limits.h> /* For UINT_MAX. */ | |
31 | 32 | |
32 | 33 | bfd *core_bfd; |
33 | 34 | static int core_num_syms; |
@@ -500,7 +501,11 @@ num_of_syms_in (FILE * f) | ||
500 | 501 | { |
501 | 502 | if (sscanf (buf, "%" STR_BUFSIZE "s %c %" STR_BUFSIZE "s", address, &type, name) == 3) |
502 | 503 | if (type == 't' || type == 'T') |
503 | - ++num; | |
504 | + { | |
505 | + /* PR 20499 - prevent integer overflow computing argument to xmalloc. */ | |
506 | + if (++num >= UINT_MAX / sizeof (Sym)) | |
507 | + return -1U; | |
508 | + } | |
504 | 509 | } |
505 | 510 | |
506 | 511 | return num; |
@@ -531,11 +536,10 @@ core_create_syms_from (const char * sym_table_file) | ||
531 | 536 | fprintf (stderr, _("%s: file `%s' has no symbols\n"), whoami, sym_table_file); |
532 | 537 | done (1); |
533 | 538 | } |
534 | - /* PR 20499 - prevent integer overflow computing argument to xmalloc. */ | |
535 | - else if ((symtab.len * (unsigned) sizeof (Sym)) < symtab.len) | |
539 | + else if (symtab.len == -1U) | |
536 | 540 | { |
537 | - fprintf (stderr, _("%s: file `%s' has too many symbols: %u\n"), | |
538 | - whoami, sym_table_file, symtab.len); | |
541 | + fprintf (stderr, _("%s: file `%s' has too many symbols\n"), | |
542 | + whoami, sym_table_file); | |
539 | 543 | done (1); |
540 | 544 | } |
541 | 545 |
@@ -571,12 +575,6 @@ core_create_syms_from (const char * sym_table_file) | ||
571 | 575 | max_vma = MAX (symtab.limit->addr, max_vma); |
572 | 576 | |
573 | 577 | ++symtab.limit; |
574 | - /* PR 20499 - it is theoretically possible that there are so many | |
575 | - symbols in the file that the scan in num_of_syms_in() wrapped | |
576 | - around. So be paranoid here and exit the loop if we have | |
577 | - reached the end of our allocated table. */ | |
578 | - if ((unsigned int)(symtab.limit - symtab.base) == symtab.len) | |
579 | - break; | |
580 | 578 | } |
581 | 579 | fclose (f); |
582 | 580 |
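Review bot: With `if ((unsigned int)(symtab.limit - symtab.base) == symtab.len) break;` removed from the end of the fill loop in core_create_syms_from, nothing visible in this hunk stops `++symtab.limit` from stepping past the table that the removed comment describes as allocated from symtab.len. The new guard in num_of_syms_in only caps the count from the first scan, so the writes stay in bounds only if the second scan accepts exactly the lines the first one counted; the loop head and the allocation are outside the hunk, so confirm there is no other bound. I would keep the two-line check as a cheap defence against the two passes disagreeing (for example, if the file grows between them), with a comment such as `/* Stop if the second scan yields more symbols than num_of_syms_in counted. */`. Separately, `-1U` is the failure sentinel in both `return -1U;` and `symtab.len == -1U`; now that limits.h is included, one named constant shared by both sites would keep them from drifting apart.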