espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-21 02:24:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

PR24644, OOM-Bug in _bfd_archive_64_bit_slurp_armap

Browse Source 
PR 24644
	* archive64.c (_bfd_archive_64_bit_slurp_armap): Properly check
	for overflow in expressions involving nsymz.
This commit is contained in:
Alan Modra
2019-08-07 18:53:09 +09:30
parent 7cd00957a5
commit 97b031c5d6
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bfd/ChangeLog
View File

@ -1,3 +1,9 @@
2019-08-07 Alan Modra <amodra@gmail.com>
PR 24644
* archive64.c (_bfd_archive_64_bit_slurp_armap): Properly check
for overflow in expressions involving nsymz.
2019-08-01 Ilia Diachkov <ilia.diachkov@optimitech.com> 2019-08-01 Ilia Diachkov <ilia.diachkov@optimitech.com>
* elfnn-riscv.c (_bfd_riscv_relax_lui): Set lui relax safety area to * elfnn-riscv.c (_bfd_riscv_relax_lui): Set lui relax safety area to

9
bfd/archive64.c
View File

@ -90,7 +90,14 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd)
ptrsize = 8 * nsymz; ptrsize = 8 * nsymz;
amt = carsym_size + stringsize + 1; amt = carsym_size + stringsize + 1;
if (carsym_size < nsymz || ptrsize < nsymz || amt < nsymz) if (/* Catch overflow in stringsize (and ptrsize) expression. */
nsymz >= (bfd_size_type) -1 / 8
|| stringsize > parsed_size
/* Catch overflow in carsym_size expression. */
|| nsymz > (bfd_size_type) -1 / sizeof (carsym)
/* Catch overflow in amt expression. */
|| amt <= carsym_size
|| amt <= stringsize)
{ {
bfd_set_error (bfd_error_malformed_archive); bfd_set_error (bfd_error_malformed_archive);
return FALSE; return FALSE;