https://sourceware.org/bugzilla/show_bug.cgi?id=24644
--- Comment #2 from Alex Rebert <alex at forallsecure dot com> ---

Oops. Sorry about that. I saw https://sourceware.org/bugzilla/show_bug.cgi?id=23361 and thought you were interested in those.

FWIW, there are a few overflows in there, and the overflow checks don't catch them all. I haven't been able to make it crash yet, but I have an input that leads to calling bfd_bread on a small buffer with a very large size. Happy to upload it if you're interested in it.

Details:
When parsed_size=-1 and nsymz=2, the function allocates an 8-byte symdefs array, while stringsize is 18446744073709551591. Since bfd_read calls cache_bread, which takes a signed size which ends up being negative, no overflow happens.
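The arithmetic in the comment above, as an added example that is not part of the original mail and is not binutils code. It assumes a hypothetical layout (an 8-byte count field followed by 8-byte entries) chosen so that the comment's numbers are reproduced; `file_size` and all function names are illustrative.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (hypothetical): 8-byte symbol count, nsymz 8-byte
   entries, then the string table. */
#define COUNT_FIELD 8u
#define ENTRY_SIZE  8u

/* Unchecked form: the unsigned subtraction wraps when parsed_size is
   bogus (here, a wrapped -1). */
static uint64_t stringsize_unchecked(uint64_t parsed_size, uint64_t nsymz)
{
    return parsed_size - ENTRY_SIZE * nsymz - COUNT_FIELD;
}

/* The value a callee sees if it takes the size as a signed 64-bit
   integer (two's complement, computed without relying on the cast). */
static int64_t as_signed_size(uint64_t size)
{
    if (size <= INT64_MAX)
        return (int64_t)size;
    return -(int64_t)(~size) - 1;
}

/* Checked form: bound parsed_size by the real file size and make sure
   the entry table fits before subtracting. Returns false if malformed. */
static bool stringsize_checked(uint64_t parsed_size, uint64_t nsymz,
                               uint64_t file_size, uint64_t *out)
{
    if (parsed_size > file_size || parsed_size < COUNT_FIELD)
        return false;                    /* element larger than the file */
    uint64_t avail = parsed_size - COUNT_FIELD;
    if (nsymz > avail / ENTRY_SIZE)
        return false;                    /* entry table does not fit */
    *out = avail - nsymz * ENTRY_SIZE;   /* cannot wrap after the checks */
    return true;
}

int main(void)
{
    uint64_t s = stringsize_unchecked(UINT64_MAX, 2), out = 0;
    printf("unchecked: %" PRIu64 " (signed: %" PRId64 ")\n",
           s, as_signed_size(s));
    printf("checked accepts: %d\n",
           stringsize_checked(UINT64_MAX, 2, 4096, &out));
    return 0;
}
```

The negative signed value is why the read does not overflow the buffer in the case described; the checked form rejects the input before any size reaches the read call.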