| Révision | ffbe89531c2e9bfd81a16241e1d17fff134fab9e (tree) |
|---|---|
| l'heure | 2022-10-27 16:26:51 |
| Auteur | Alan Modra <amodra@gmai...> |
| Commiter | Alan Modra |
Fuzzed files in archives
Given a fuzzed object file in an archive with section size exceeding
file size, objcopy will report an error like "section size (0xfeffffff
bytes) is larger than file size (0x17a bytes)" but will create a copy
of the object laid out for the large section. That means a large
temporary file on disk that is read back and written to the output
archive, which can take a while. The output archive is then deleted
due to the error. Avoid some of this silliness.
* objcopy.c (copy_section): If section contents cannot be read
set output section size to zero.
binutils/objcopy.c (diff)| @@ -4418,6 +4418,7 @@ copy_section (bfd *ibfd, sec_ptr isection, void *obfdarg) | ||
| 4418 | 4418 | || !bfd_convert_section_contents (ibfd, isection, obfd, |
| 4419 | 4419 | &memhunk, &size)) |
| 4420 | 4420 | { |
| 4421 | + bfd_set_section_size (osection, 0); | |
| 4421 | 4422 | status = 1; |
| 4422 | 4423 | bfd_nonfatal_message (NULL, ibfd, isection, NULL); |
| 4423 | 4424 | free (memhunk); |
Fork