PR24272, out-of-bounds read in pex64_xdata_print_uwd_codes

The fix here is to use an unsigned comparison for
    if (a->NumberOfRvaAndSizes > IMAGE_NUMBEROF_DIRECTORY_ENTRIES)

include/
	PR 24272
	* coff/internal.h (struct internal_extra_pe_aouthdr): Change type
	of SizeOfCode, SizeOfInitializedData, and SizeOfUninitializedData
	to bfd_vma.  Change type of SectionAlignment, FileAlignment,
	Reserved1, SizeOfImage, SizeOfHeaders, CheckSum, LoaderFlags,
	and NumberOfRvaAndSizes to uint32_t.
bfd/
	PR 24272
	* peXXigen.c (_bfd_XXi_swap_aouthdr_in): Use unsigned index.
	(_bfd_XX_print_private_bfd_data_common): Adjust for type changes.

bfd/peXXigen.c

@@ -522,15 +522,15 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
   a->NumberOfRvaAndSizes = H_GET_32 (abfd, src->NumberOfRvaAndSizes);
 
   {
-    int idx;
+    unsigned idx;
 
     /* PR 17512: Corrupt PE binaries can cause seg-faults.  */
     if (a->NumberOfRvaAndSizes > IMAGE_NUMBEROF_DIRECTORY_ENTRIES)
       {
 	/* xgettext:c-format */
 	_bfd_error_handler
-	  (_("%pB: aout header specifies an invalid number of data-directory entries: %ld"),
+	  (_("%pB: aout header specifies an invalid number of"
-	   abfd, a->NumberOfRvaAndSizes);
+	     " data-directory entries: %u"), abfd, a->NumberOfRvaAndSizes);
 	bfd_set_error (bfd_error_bad_value);
 
 	/* Paranoia: If the number is corrupt, then assume that the
@@ -2806,12 +2806,13 @@ _bfd_XX_print_private_bfd_data_common (bfd * abfd, void * vfile)
     fprintf (file, "\t(%s)",name);
   fprintf (file, "\nMajorLinkerVersion\t%d\n", i->MajorLinkerVersion);
   fprintf (file, "MinorLinkerVersion\t%d\n", i->MinorLinkerVersion);
-  fprintf (file, "SizeOfCode\t\t%08lx\n", (unsigned long) i->SizeOfCode);
+  fprintf (file, "SizeOfCode\t\t");
-  fprintf (file, "SizeOfInitializedData\t%08lx\n",
+  bfd_fprintf_vma (abfd, file, i->SizeOfCode);
-	   (unsigned long) i->SizeOfInitializedData);
+  fprintf (file, "\nSizeOfInitializedData\t");
-  fprintf (file, "SizeOfUninitializedData\t%08lx\n",
+  bfd_fprintf_vma (abfd, file, i->SizeOfInitializedData);
-	   (unsigned long) i->SizeOfUninitializedData);
+  fprintf (file, "\nSizeOfUninitializedData\t");
-  fprintf (file, "AddressOfEntryPoint\t");
+  bfd_fprintf_vma (abfd, file, i->SizeOfUninitializedData);
+  fprintf (file, "\nAddressOfEntryPoint\t");
   bfd_fprintf_vma (abfd, file, i->AddressOfEntryPoint);
   fprintf (file, "\nBaseOfCode\t\t");
   bfd_fprintf_vma (abfd, file, i->BaseOfCode);
@@ -2823,20 +2824,18 @@ _bfd_XX_print_private_bfd_data_common (bfd * abfd, void * vfile)
 
   fprintf (file, "\nImageBase\t\t");
   bfd_fprintf_vma (abfd, file, i->ImageBase);
-  fprintf (file, "\nSectionAlignment\t");
+  fprintf (file, "\nSectionAlignment\t%08x\n", i->SectionAlignment);
-  bfd_fprintf_vma (abfd, file, i->SectionAlignment);
+  fprintf (file, "FileAlignment\t\t%08x\n", i->FileAlignment);
-  fprintf (file, "\nFileAlignment\t\t");
+  fprintf (file, "MajorOSystemVersion\t%d\n", i->MajorOperatingSystemVersion);
-  bfd_fprintf_vma (abfd, file, i->FileAlignment);
-  fprintf (file, "\nMajorOSystemVersion\t%d\n", i->MajorOperatingSystemVersion);
   fprintf (file, "MinorOSystemVersion\t%d\n", i->MinorOperatingSystemVersion);
   fprintf (file, "MajorImageVersion\t%d\n", i->MajorImageVersion);
   fprintf (file, "MinorImageVersion\t%d\n", i->MinorImageVersion);
   fprintf (file, "MajorSubsystemVersion\t%d\n", i->MajorSubsystemVersion);
   fprintf (file, "MinorSubsystemVersion\t%d\n", i->MinorSubsystemVersion);
-  fprintf (file, "Win32Version\t\t%08lx\n", (unsigned long) i->Reserved1);
+  fprintf (file, "Win32Version\t\t%08x\n", i->Reserved1);
-  fprintf (file, "SizeOfImage\t\t%08lx\n", (unsigned long) i->SizeOfImage);
+  fprintf (file, "SizeOfImage\t\t%08x\n", i->SizeOfImage);
-  fprintf (file, "SizeOfHeaders\t\t%08lx\n", (unsigned long) i->SizeOfHeaders);
+  fprintf (file, "SizeOfHeaders\t\t%08x\n", i->SizeOfHeaders);
-  fprintf (file, "CheckSum\t\t%08lx\n", (unsigned long) i->CheckSum);
+  fprintf (file, "CheckSum\t\t%08x\n", i->CheckSum);
 
   switch (i->Subsystem)
     {

include/coff/internal.h

@@ -197,11 +197,11 @@ struct internal_extra_pe_aouthdr
   /* Linker minor version number.  */
   char MinorLinkerVersion;	
   /* Total size of all code sections.  */
-  long SizeOfCode;
+  bfd_vma SizeOfCode;
   /* Total size of all initialized data sections.  */
-  long SizeOfInitializedData;
+  bfd_vma SizeOfInitializedData;
   /* Total size of all uninitialized data sections.  */
-  long SizeOfUninitializedData;
+  bfd_vma SizeOfUninitializedData;
   /* Address of entry point relative to image base.  */
   bfd_vma AddressOfEntryPoint;
   /* Address of the first code section relative to image base.  */
@@ -211,21 +211,21 @@ struct internal_extra_pe_aouthdr
 
   /* PE stuff  */
   bfd_vma ImageBase;		/* Address of specific location in memory that
-				    file is located, NT default 0x10000.  */
+				   file is located, NT default 0x10000.  */
 
-  bfd_vma SectionAlignment;	/* Section alignment default 0x1000.  */
+  uint32_t SectionAlignment;	/* Section alignment default 0x1000.  */
-  bfd_vma FileAlignment;	/* File alignment default 0x200.  */
+  uint32_t FileAlignment;	/* File alignment default 0x200.  */
-  short   MajorOperatingSystemVersion; /* Minimum version of the operating.  */
+  short MajorOperatingSystemVersion; /* Minimum version of the operating.  */
-  short   MinorOperatingSystemVersion; /* System req'd for exe, default to 1.  */
+  short MinorOperatingSystemVersion; /* System req'd for exe, default 1.  */
-  short   MajorImageVersion;	/* User defineable field to store version of */
+  short MajorImageVersion;	/* User defineable field to store version of */
-  short   MinorImageVersion;	/*  exe or dll being created, default to 0.  */ 
+  short MinorImageVersion;	/*  exe or dll being created, default to 0.  */
-  short   MajorSubsystemVersion; /* Minimum subsystem version required to */
+  short MajorSubsystemVersion;	/* Minimum subsystem version required to */
-  short   MinorSubsystemVersion; /*  run exe; default to 3.1.  */
+  short MinorSubsystemVersion;	/*  run exe; default to 3.1.  */
-  long    Reserved1;		/* Seems to be 0.  */
+  uint32_t Reserved1;		/* Seems to be 0.  */
-  long    SizeOfImage;		/* Size of memory to allocate for prog.  */
+  uint32_t SizeOfImage;		/* Size of memory to allocate for prog.  */
-  long    SizeOfHeaders;	/* Size of PE header and section table.  */
+  uint32_t SizeOfHeaders;	/* Size of PE header and section table.  */
-  long    CheckSum;		/* Set to 0.  */
+  uint32_t CheckSum;		/* Set to 0.  */
-  short   Subsystem;	
+  short Subsystem;
 
   /* Type of subsystem exe uses for user interface,
      possible values:
@@ -237,11 +237,11 @@ struct internal_extra_pe_aouthdr
   unsigned short DllCharacteristics; /* flags for DLL init.  */
   bfd_vma SizeOfStackReserve;	/* Amount of memory to reserve.  */
   bfd_vma SizeOfStackCommit;	/* Amount of memory initially committed for
-				    initial thread's stack, default is 0x1000.  */
+				   initial thread's stack, default 0x1000.  */
   bfd_vma SizeOfHeapReserve;	/* Amount of virtual memory to reserve and */
   bfd_vma SizeOfHeapCommit;	/*  commit, don't know what to defaut it to.  */
-  long    LoaderFlags;		/* Can probably set to 0.  */
+  uint32_t LoaderFlags;		/* Can probably set to 0.  */
-  long    NumberOfRvaAndSizes;	/* Number of entries in next entry, 16.  */
+  uint32_t NumberOfRvaAndSizes;	/* Number of entries in next entry, 16.  */
   IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
 };