mirror of
https://github.com/espressif/binutils-gdb.git
synced 2025-06-21 02:24:17 +08:00
PR24644, OOM-Bug in _bfd_archive_64_bit_slurp_armap
PR 24644 * archive64.c (_bfd_archive_64_bit_slurp_armap): Properly check for overflow in expressions involving nsymz.
This commit is contained in:
@ -1,3 +1,9 @@
|
|||||||
|
2019-08-07 Alan Modra <amodra@gmail.com>
|
||||||
|
|
||||||
|
PR 24644
|
||||||
|
* archive64.c (_bfd_archive_64_bit_slurp_armap): Properly check
|
||||||
|
for overflow in expressions involving nsymz.
|
||||||
|
|
||||||
2019-08-01 Ilia Diachkov <ilia.diachkov@optimitech.com>
|
2019-08-01 Ilia Diachkov <ilia.diachkov@optimitech.com>
|
||||||
|
|
||||||
* elfnn-riscv.c (_bfd_riscv_relax_lui): Set lui relax safety area to
|
* elfnn-riscv.c (_bfd_riscv_relax_lui): Set lui relax safety area to
|
||||||
|
@ -90,7 +90,14 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd)
|
|||||||
ptrsize = 8 * nsymz;
|
ptrsize = 8 * nsymz;
|
||||||
|
|
||||||
amt = carsym_size + stringsize + 1;
|
amt = carsym_size + stringsize + 1;
|
||||||
if (carsym_size < nsymz || ptrsize < nsymz || amt < nsymz)
|
if (/* Catch overflow in stringsize (and ptrsize) expression. */
|
||||||
|
nsymz >= (bfd_size_type) -1 / 8
|
||||||
|
|| stringsize > parsed_size
|
||||||
|
/* Catch overflow in carsym_size expression. */
|
||||||
|
|| nsymz > (bfd_size_type) -1 / sizeof (carsym)
|
||||||
|
/* Catch overflow in amt expression. */
|
||||||
|
|| amt <= carsym_size
|
||||||
|
|| amt <= stringsize)
|
||||||
{
|
{
|
||||||
bfd_set_error (bfd_error_malformed_archive);
|
bfd_set_error (bfd_error_malformed_archive);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
Reference in New Issue
Block a user