Fix memory access violations triggered by processing fuzzed binaries with a 32-bit...

	PR binutils/17531
	* dwarf.c (xcmalloc): Fail if the arguments are too big.
	(xcrealloc): Likewise.
	(xcalloc2): Likewise.

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 6cd306a..9e682c1 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -4,6 +4,11 @@
        * dwarf.c (display_debug_frames): Fix range checks to work on
        32-bit binaries complied on a 64-bit host.
 
+       PR binutils/17531
+       * dwarf.c (xcmalloc): Fail if the arguments are too big.
+       (xcrealloc): Likewise.
+       (xcalloc2): Likewise.
+
 2015-02-05  Alan Modra  <amodra@gmail.com>
 
        PR binutils/17926

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 2edacb8..cebd8c9 100644 (file)
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -7217,7 +7217,12 @@ xcmalloc (size_t nmemb, size_t size)
 {
   /* Check for overflow.  */
   if (nmemb >= ~(size_t) 0 / size)
-    return NULL;
+    {
+      fprintf (stderr,
+              _("Attempt to allocate an array with an excessive number of elements: 0x%lx\n"),
+              (long) nmemb);
+      xexit (1);
+    }
 
   return xmalloc (nmemb * size);
 }
@@ -7230,7 +7235,12 @@ xcrealloc (void *ptr, size_t nmemb, size_t size)
 {
   /* Check for overflow.  */
   if (nmemb >= ~(size_t) 0 / size)
-    return NULL;
+    {
+      fprintf (stderr,
+              _("Attempt to re-allocate an array with an excessive number of elements: 0x%lx\n"),
+              (long) nmemb);
+      xexit (1);
+    }
 
   return xrealloc (ptr, nmemb * size);
 }
@@ -7241,7 +7251,12 @@ xcalloc2 (size_t nmemb, size_t size)
 {
   /* Check for overflow.  */
   if (nmemb >= ~(size_t) 0 / size)
-    return NULL;
+    {
+      fprintf (stderr,
+              _("Attempt to allocate a zero'ed array with an excessive number of elements: 0x%lx\n"),
+              (long) nmemb);
+      xexit (1);
+    }
 
   return xcalloc (nmemb, size);
 }