From 97b75c421f74e4708f9a351641b99be3d4848913 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Tue, 14 Mar 2023 13:15:12 +0000
Subject: [PATCH] Prevent an over large memory allocation in readelf when
 parsing a corrupt DWARF file.

  PR 30227
  * dwarf.c (process_cu_tu_index): Prevent excessive memory allocation when nused is large and ncols is zero.
---
 binutils/ChangeLog | 6 ++++++
 binutils/dwarf.c   | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 94099d7940f..10718ab1d67 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2023-03-14  Nick Clifton  <nickc@redhat.com>
+
+	PR 30227
+	* dwarf.c (process_cu_tu_index): Prevent excessive memory
+	allocation when nused is large and ncols is zero.
+
 2023-02-09  Tom Tromey  <tromey@adacore.com>
 
 	* dwarf-mode.el: Bump version to 1.8.
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index a4799f0198c..89b0b80d949 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -10912,6 +10912,9 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
       if (nused == -1u
 	  || _mul_overflow ((size_t) ncols, 4, &temp)
 	  || _mul_overflow ((size_t) nused + 1, temp, &total)
+	  || total > (size_t) (limit - ppool)
+	  /* PR 30227: ncols could be 0.  */
+	  || _mul_overflow ((size_t) nused + 1, 4, &total)
 	  || total > (size_t) (limit - ppool))
 	{
 	  warn (_("Section %s too small for offset and size tables\n"),
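Review bot: The added `_mul_overflow ((size_t) nused + 1, 4, &total)` overwrites `total`, so once the condition passes it holds `(nused + 1) * 4` rather than the offset/size table size computed two lines earlier. process_cu_tu_index continues outside this hunk, so if anything later reads `total` it would now see the smaller value; a separate local for the second product would avoid that. For ncols >= 1 the new test is already implied by the first bound, so it only takes effect when ncols is 0, and the comment could say so directly: `/* PR 30227: with ncols == 0 the table size is 0 for any nused, so also bound nused by the bytes left in the section.  */`. The new bound is also relative to the section size taken from the input file, so any allocation that scales with nused is limited to a multiple of that size rather than to a fixed cap.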
-- 
GitLab