From: Alan Modra Date: Thu, 17 Mar 2022 09:35:39 +0000 (+1030) Subject: ubsan: Null dereference in parse_module X-Git-Tag: gdb-12.1-release~59 X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2 ubsan: Null dereference in parse_module * vms-alpha.c (parse_module): Sanity check that DST__K_RTNBEG has set module->func_table for DST__K_RTNEND. Check return of bfd_zalloc. Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2] CVE: CVE-2023-25584 Signed-off-by: Deepthi Hemraj --- diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c index 4a92574c850..1129c98f0e2 100644 --- a/bfd/vms-alpha.c +++ b/bfd/vms-alpha.c @@ -4352,9 +4352,13 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, /* Initialize tables with zero element. */ curr_srec = (struct srecinfo *) bfd_zalloc (abfd, sizeof (struct srecinfo)); + if (!curr_srec) + return false; module->srec_table = curr_srec; curr_line = (struct lineinfo *) bfd_zalloc (abfd, sizeof (struct lineinfo)); + if (!curr_line) + return false; module->line_table = curr_line; while (length == -1 || ptr < maxptr) @@ -4389,6 +4393,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, case DST__K_RTNBEG: funcinfo = (struct funcinfo *) bfd_zalloc (abfd, sizeof (struct funcinfo)); + if (!funcinfo) + return false; funcinfo->name = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME, maxptr - (ptr + DST_S_B_RTNBEG_NAME)); @@ -4401,6 +4407,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, break; case DST__K_RTNEND: + if (!module->func_table) + return false; module->func_table->high = module->func_table->low + bfd_getl32 (ptr + DST_S_L_RTNEND_SIZE) - 1;
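Review bot: In the DST__K_RTNBEG hunk the context lines right after the new allocation check still pass `maxptr - (ptr + DST_S_B_RTNBEG_NAME)` as the remaining length, with no visible check that the record actually extends to that offset. A truncated record could therefore produce a negative or wrapped length, and the same concern applies to `bfd_getl32 (ptr + DST_S_L_RTNEND_SIZE)` in the DST__K_RTNEND hunk, which reads four bytes without a visible comparison against maxptr. A guard such as `if (maxptr - ptr <= DST_S_B_RTNBEG_NAME) return false;` before the name is saved would close this, once it is confirmed how maxptr is set when length is -1, which happens outside the hunk. The value stored in `funcinfo->name` is also not checked; if the helper can return NULL, that case should be rejected as well.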
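Review bot: The new `return false` in the DST__K_RTNEND hunk signals malformed input (an end record with no preceding DST__K_RTNBEG), yet nothing visible sets a BFD error on that path, so the caller may report a stale or unrelated error. Consider `bfd_set_error (bfd_error_bad_value);` before the return, unless the caller already does this. The allocation-failure returns in the two earlier hunks are a different case, since the allocator presumably records the out-of-memory error itself; that is worth confirming. A short comment such as `/* RTNEND without a matching RTNBEG: reject the malformed record.  */` above the check would also explain why it exists. The enclosing switch continues past the end of the hunk.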