espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-10-10 17:38:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

readelf: catch archive_file_size of -1

Browse Source 
Fuzzers might put -1 in arhdr.ar_size.  If the size is rounded up to
and even number of bytes we get zero.

	* readelf.c (process_archive): Don't round up archive_file_size.
	Do round up next_arhdr_offset calculation.
This commit is contained in:
Alan Modra
2021-07-30 13:07:12 +09:30
parent 5cfe19e51e
commit 237877b818
1 changed files with 1 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
binutils/readelf.c
View File

@ -21789,8 +21789,6 @@ process_archive (Filedata * filedata, bool is_thin_archive)
arch.next_arhdr_offset += sizeof arch.arhdr; arch.next_arhdr_offset += sizeof arch.arhdr;
filedata->archive_file_size = strtoul (arch.arhdr.ar_size, NULL, 10); filedata->archive_file_size = strtoul (arch.arhdr.ar_size, NULL, 10);
if (filedata->archive_file_size & 01)
++filedata->archive_file_size;
name = get_archive_member_name (&arch, &nested_arch); name = get_archive_member_name (&arch, &nested_arch);
if (name == NULL) if (name == NULL)
@ -21894,7 +21892,7 @@ process_archive (Filedata * filedata, bool is_thin_archive)
filedata->file_name = qualified_name; filedata->file_name = qualified_name;
if (! process_object (filedata)) if (! process_object (filedata))
ret = false; ret = false;
arch.next_arhdr_offset += filedata->archive_file_size; arch.next_arhdr_offset += (filedata->archive_file_size + 1) & -2;
/* Stop looping with "negative" archive_file_size. */ /* Stop looping with "negative" archive_file_size. */
if (arch.next_arhdr_offset < filedata->archive_file_size) if (arch.next_arhdr_offset < filedata->archive_file_size)
arch.next_arhdr_offset = -1ul; arch.next_arhdr_offset = -1ul;