d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libiberty: prevent integer overflow.

Browse Source 
Take care of very old bug leading to heap-buffer overflow by
processing certain file headers via bfd binary.

PR:		200888
Obtained from:	OpenBSD
MFC after:	2 weeks
This commit is contained in:
Pedro F. Giffuni 2016-06-03 21:37:24 +00:00
parent 987c375f87
commit e8c66cf087
2 changed files with 11 additions and 4 deletions
contrib/gcclibs
include
objalloc.h
libiberty
objalloc.c

4
contrib/gcclibs/include/objalloc.h

@ -1,5 +1,5 @@
/* objalloc.h -- routines to allocate memory for objects /* objalloc.h -- routines to allocate memory for objects
Copyright 1997, 2001 Free Software Foundation, Inc. Copyright 1997, 2001-2012 Free Software Foundation, Inc.
Written by Ian Lance Taylor, Cygnus Solutions. Written by Ian Lance Taylor, Cygnus Solutions.
This program is free software; you can redistribute it and/or modify it This program is free software; you can redistribute it and/or modify it
@ -91,7 +91,7 @@ extern void *_objalloc_alloc (struct objalloc *, unsigned long);
if (__len == 0) \ if (__len == 0) \
__len = 1; \ __len = 1; \
__len = (__len + OBJALLOC_ALIGN - 1) &~ (OBJALLOC_ALIGN - 1); \ __len = (__len + OBJALLOC_ALIGN - 1) &~ (OBJALLOC_ALIGN - 1); \
(__len <= __o->current_space \ (__len != 0 && __len <= __o->current_space \
? (__o->current_ptr += __len, \ ? (__o->current_ptr += __len, \
__o->current_space -= __len, \ __o->current_space -= __len, \
(void *) (__o->current_ptr - __len)) \ (void *) (__o->current_ptr - __len)) \

11
contrib/gcclibs/libiberty/objalloc.c

@ -1,5 +1,5 @@
/* objalloc.c -- routines to allocate memory for objects /* objalloc.c -- routines to allocate memory for objects
Copyright 1997 Free Software Foundation, Inc. Copyright 1997-2012 Free Software Foundation, Inc.
Written by Ian Lance Taylor, Cygnus Solutions. Written by Ian Lance Taylor, Cygnus Solutions.
This program is free software; you can redistribute it and/or modify it This program is free software; you can redistribute it and/or modify it
@ -112,8 +112,10 @@ objalloc_create (void)
/* Allocate space from an objalloc structure. */ /* Allocate space from an objalloc structure. */
PTR PTR
_objalloc_alloc (struct objalloc *o, unsigned long len) _objalloc_alloc (struct objalloc *o, unsigned long original_len)
{ {
unsigned long len = original_len;
/* We avoid confusion from zero sized objects by always allocating /* We avoid confusion from zero sized objects by always allocating
at least 1 byte. */ at least 1 byte. */
if (len == 0) if (len == 0)
@ -121,6 +123,11 @@ _objalloc_alloc (struct objalloc *o, unsigned long len)
len = (len + OBJALLOC_ALIGN - 1) &~ (OBJALLOC_ALIGN - 1); len = (len + OBJALLOC_ALIGN - 1) &~ (OBJALLOC_ALIGN - 1);
/* CVE-2012-3509: Check for overflow in the alignment operation above
* and then malloc argument below. */
if (len + CHUNK_HEADER_SIZE < original_len)
return NULL;
if (len <= o->current_space) if (len <= o->current_space)
{ {
o->current_ptr += len; o->current_ptr += len;