mirror of
https://git.yoctoproject.org/poky
synced 2026-03-13 18:59:40 +01:00
4b721dc5c8
(From OE-Core rev: bc480221d8091be460a1b8c4d023b9841e1df3c2) Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
150 lines
4.5 KiB
Diff
150 lines
4.5 KiB
Diff
From: Alan Modra <amodra@gmail.com>
|
|
Date: Fri, 14 Oct 2022 00:00:21 +0000 (+1030)
|
|
Subject: PR29677, Field `the_bfd` of `asymbol` is uninitialised
|
|
X-Git-Tag: gdb-13-branchpoint~871
|
|
X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
|
|
|
|
PR29677, Field `the_bfd` of `asymbol` is uninitialised
|
|
|
|
Besides not initialising the_bfd of synthetic symbols, counting
|
|
symbols when sizing didn't match symbols created if there were any
|
|
dynsyms named "". We don't want synthetic symbols without names
|
|
anyway, so get rid of them. Also, simplify and correct sanity checks.
|
|
|
|
PR 29677
|
|
* mach-o.c (bfd_mach_o_get_synthetic_symtab): Rewrite.
|
|
|
|
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1]
|
|
|
|
CVE: CVE-2023-25588
|
|
CVE: CVE-2022-47696
|
|
|
|
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
|
|
Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>
|
|
|
|
---
|
|
|
|
diff --git a/bfd/mach-o.c b/bfd/mach-o.c
|
|
index acb35e7f0c6..5279343768c 100644
|
|
--- a/bfd/mach-o.c
|
|
+++ b/bfd/mach-o.c
|
|
@@ -938,11 +938,9 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
|
|
bfd_mach_o_symtab_command *symtab = mdata->symtab;
|
|
asymbol *s;
|
|
char * s_start;
|
|
- char * s_end;
|
|
unsigned long count, i, j, n;
|
|
size_t size;
|
|
char *names;
|
|
- char *nul_name;
|
|
const char stub [] = "$stub";
|
|
|
|
*ret = NULL;
|
|
@@ -955,27 +953,27 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
|
|
/* We need to allocate a bfd symbol for every indirect symbol and to
|
|
allocate the memory for its name. */
|
|
count = dysymtab->nindirectsyms;
|
|
- size = count * sizeof (asymbol) + 1;
|
|
-
|
|
+ size = 0;
|
|
for (j = 0; j < count; j++)
|
|
{
|
|
- const char * strng;
|
|
unsigned int isym = dysymtab->indirect_syms[j];
|
|
+ const char *str;
|
|
|
|
/* Some indirect symbols are anonymous. */
|
|
- if (isym < symtab->nsyms && (strng = symtab->symbols[isym].symbol.name))
|
|
- /* PR 17512: file: f5b8eeba. */
|
|
- size += strnlen (strng, symtab->strsize - (strng - symtab->strtab)) + sizeof (stub);
|
|
+ if (isym < symtab->nsyms
|
|
+ && (str = symtab->symbols[isym].symbol.name) != NULL)
|
|
+ {
|
|
+ /* PR 17512: file: f5b8eeba. */
|
|
+ size += strnlen (str, symtab->strsize - (str - symtab->strtab));
|
|
+ size += sizeof (stub);
|
|
+ }
|
|
}
|
|
|
|
- s_start = bfd_malloc (size);
|
|
+ s_start = bfd_malloc (size + count * sizeof (asymbol));
|
|
s = *ret = (asymbol *) s_start;
|
|
if (s == NULL)
|
|
return -1;
|
|
names = (char *) (s + count);
|
|
- nul_name = names;
|
|
- *names++ = 0;
|
|
- s_end = s_start + size;
|
|
|
|
n = 0;
|
|
for (i = 0; i < mdata->nsects; i++)
|
|
@@ -997,47 +995,39 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
|
|
entry_size = bfd_mach_o_section_get_entry_size (abfd, sec);
|
|
|
|
/* PR 17512: file: 08e15eec. */
|
|
- if (first >= count || last >= count || first > last)
|
|
+ if (first >= count || last > count || first > last)
|
|
goto fail;
|
|
|
|
for (j = first; j < last; j++)
|
|
{
|
|
unsigned int isym = dysymtab->indirect_syms[j];
|
|
-
|
|
- /* PR 17512: file: 04d64d9b. */
|
|
- if (((char *) s) + sizeof (* s) > s_end)
|
|
- goto fail;
|
|
-
|
|
- s->flags = BSF_GLOBAL | BSF_SYNTHETIC;
|
|
- s->section = sec->bfdsection;
|
|
- s->value = addr - sec->addr;
|
|
- s->udata.p = NULL;
|
|
+ const char *str;
|
|
+ size_t len;
|
|
|
|
if (isym < symtab->nsyms
|
|
- && symtab->symbols[isym].symbol.name)
|
|
+ && (str = symtab->symbols[isym].symbol.name) != NULL)
|
|
{
|
|
- const char *sym = symtab->symbols[isym].symbol.name;
|
|
- size_t len;
|
|
-
|
|
- s->name = names;
|
|
- len = strlen (sym);
|
|
- /* PR 17512: file: 47dfd4d2. */
|
|
- if (names + len >= s_end)
|
|
+ /* PR 17512: file: 04d64d9b. */
|
|
+ if (n >= count)
|
|
goto fail;
|
|
- memcpy (names, sym, len);
|
|
- names += len;
|
|
- /* PR 17512: file: 18f340a4. */
|
|
- if (names + sizeof (stub) >= s_end)
|
|
+ len = strnlen (str, symtab->strsize - (str - symtab->strtab));
|
|
+ /* PR 17512: file: 47dfd4d2, 18f340a4. */
|
|
+ if (size < len + sizeof (stub))
|
|
goto fail;
|
|
- memcpy (names, stub, sizeof (stub));
|
|
- names += sizeof (stub);
|
|
+ memcpy (names, str, len);
|
|
+ memcpy (names + len, stub, sizeof (stub));
|
|
+ s->name = names;
|
|
+ names += len + sizeof (stub);
|
|
+ size -= len + sizeof (stub);
|
|
+ s->the_bfd = symtab->symbols[isym].symbol.the_bfd;
|
|
+ s->flags = BSF_GLOBAL | BSF_SYNTHETIC;
|
|
+ s->section = sec->bfdsection;
|
|
+ s->value = addr - sec->addr;
|
|
+ s->udata.p = NULL;
|
|
+ s++;
|
|
+ n++;
|
|
}
|
|
- else
|
|
- s->name = nul_name;
|
|
-
|
|
addr += entry_size;
|
|
- s++;
|
|
- n++;
|
|
}
|
|
break;
|
|
default:
|