Re: PR32399, buffer overflow printing core_file_failing_command

Fix more potential buffer overflows, and correct trad-code.c and
cisco-core.c where they should be using bfd_{z}alloc rather than
bfd_{z}malloc.  To stop buffer overflows with fuzzed objects that
don't have a terminator on the core_file_failing_command string, this
patch allocates an extra byte at the end of the entire header buffer
rather than poking a NUL at the end of the name array (u_comm[] or
similar) because (a) it's better to not overwrite the file data, and
(b) it is possible that some core files make use of fields in struct
user beyond the end of u_comm to extend the command name.  The patch
also changes some unnecessary uses of bfd_zalloc to bfd_alloc.
There's not much point in clearing memory that will shortly be
completely overwritten.

	PR 32399
	* aix5ppc-core.c (xcoff64_core_p): Allocate an extra byte to
	ensure the core_file_failing_command string is terminated.
	* netbsd-core.c (netbsd_core_file_p): Likewise.
	* ptrace-core.c (ptrace_unix_core_file_p): Likewise.
	* rs6000-core.c (rs6000coff_core_p): Likewise.
	* trad-core.c (trad_unix_core_file_p): Likewise, and bfd_alloc
	tdata rather than bfd_zmalloc.
	* cisco-core.c (cisco_core_file_validate): bfd_zalloc tdata.
Alan Modra
2024-11-30 16:41:14 +10:30
parent 227146c286
commit 8ab91a0335
6 changed files with 31 additions and 21 deletions
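The extra-byte allocation described in the commit message, as an added C example that is not part of this patch or of BFD: a hypothetical fake_core_header stands in for struct user, calloc stands in for bfd_zalloc, and the input bytes are constructed to model a fuzzed file whose command name has no terminator.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a core file header such as struct user: a
   fixed-size command-name array followed by further fields.  */
#define COMM_LEN 8
struct fake_core_header
{
  int pid;
  char u_comm[COMM_LEN];   /* may lack a NUL when the file is fuzzed */
  char extra[4];           /* fields past u_comm that may extend the name */
};

/* Read the header from a byte buffer standing in for the file contents.
   Allocates sizeof (header) + 1 zeroed bytes so that a u_comm with no
   terminator (even one that runs on into later fields) still ends in a
   NUL, without overwriting any of the file data.  Returns NULL on short
   input or allocation failure.  */
static struct fake_core_header *
read_core_header (const unsigned char *file, size_t file_len)
{
  size_t amt = sizeof (struct fake_core_header);
  if (file_len < amt)
    return NULL;
  /* calloc stands in for bfd_zalloc: zeroed, so byte amt is the NUL.  */
  struct fake_core_header *hdr = calloc (1, amt + 1);
  if (hdr == NULL)
    return NULL;
  memcpy (hdr, file, amt);
  return hdr;
}

/* Constructed input: pid followed by u_comm and extra filled entirely
   with non-NUL bytes, i.e. the unterminated case from the PR.  */
static const unsigned char fuzzed_file[sizeof (struct fake_core_header)] =
  { 0, 0, 0, 0, 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l' };

/* Length of the failing command string.  Bounded by the extra byte of
   the allocation, not by whatever happens to follow the file data.  */
size_t
failing_command_length (void)
{
  struct fake_core_header *hdr = read_core_header (fuzzed_file, sizeof fuzzed_file);
  if (hdr == NULL)
    return (size_t) -1;
  size_t len = strlen (hdr->u_comm);   /* stops at the zeroed byte amt */
  free (hdr);
  return len;
}
```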


@@ -154,7 +154,7 @@ cisco_core_file_validate (bfd *abfd, int crash_info_loc)
/* OK, we believe you. You're a core file. */
amt = sizeof (struct cisco_core_struct);
abfd->tdata.cisco_core_data = (struct cisco_core_struct *) bfd_zmalloc (amt);
abfd->tdata.cisco_core_data = bfd_zalloc (abfd, amt);
if (abfd->tdata.cisco_core_data == NULL)
return NULL;
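Review bot: switching the tdata allocation from bfd_zmalloc (amt) to bfd_zalloc (abfd, amt) changes ownership of the block, since it now lives in abfd's objalloc and is released when the BFD is closed; any remaining code path in cisco-core.c that calls free () on abfd->tdata.cisco_core_data must be removed or it becomes an invalid free. The failure returns later in cisco_core_file_validate should also release the tdata with bfd_release (or be shown to rely on bfd_close), rather than leaking it until the BFD goes away. Dropping the (struct cisco_core_struct *) cast is fine because bfd_zalloc returns void *.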