Fix illegal memory access when parsing a corrupt PE format file.
PR 27795 * coff-rs6000.c (_bfd_xcoff_read_ar_hdr): Check for invalid name lengths.
@ -1,3 +1,9 @@
|
|||||||
|
2021-04-30 Nick Clifton <nickc@redhat.com>
|
||||||
|
|
||||||
|
PR 27795
|
||||||
|
* coff-rs6000.c (_bfd_xcoff_read_ar_hdr): Check for invalid name
|
||||||
|
lengths.
|
||||||
|
|
||||||
2021-04-29 Nick Clifton <nickc@redhat.com>
|
2021-04-29 Nick Clifton <nickc@redhat.com>
|
||||||
|
|
||||||
PR 27793
|
PR 27793
|
||||||
|
@ -1619,6 +1619,8 @@ _bfd_xcoff_read_ar_hdr (bfd *abfd)
|
|||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
GET_VALUE_IN_FIELD (namlen, hdr.namlen, 10);
|
GET_VALUE_IN_FIELD (namlen, hdr.namlen, 10);
|
||||||
|
if (namlen > bfd_get_file_size (abfd))
|
||||||
|
return NULL;
|
||||||
amt = sizeof (struct areltdata) + SIZEOF_AR_HDR + namlen + 1;
|
amt = sizeof (struct areltdata) + SIZEOF_AR_HDR + namlen + 1;
|
||||||
ret = (struct areltdata *) bfd_malloc (amt);
|
ret = (struct areltdata *) bfd_malloc (amt);
|
||||||
if (ret == NULL)
|
if (ret == NULL)
|
||||||
@ -1646,6 +1648,8 @@ _bfd_xcoff_read_ar_hdr (bfd *abfd)
|
|||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
GET_VALUE_IN_FIELD (namlen, hdr.namlen, 10);
|
GET_VALUE_IN_FIELD (namlen, hdr.namlen, 10);
|
||||||
|
if (namlen > bfd_get_file_size (abfd))
|
||||||
|
return NULL;
|
||||||
amt = sizeof (struct areltdata) + SIZEOF_AR_HDR_BIG + namlen + 1;
|
amt = sizeof (struct areltdata) + SIZEOF_AR_HDR_BIG + namlen + 1;
|
||||||
ret = (struct areltdata *) bfd_malloc (amt);
|
ret = (struct areltdata *) bfd_malloc (amt);
|
||||||
if (ret == NULL)
|
if (ret == NULL)
|
||||||
|
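Review bot: The new guard `if (namlen > bfd_get_file_size (abfd)) return NULL;` in the `-1619` hunk, and its twin in the `-1646` hunk for the big-archive header, returns NULL without recording an error, so a caller sees a failure with whatever error was set earlier; adding `bfd_set_error (bfd_error_malformed_archive);` before each `return NULL;` (with braces around the two statements) would make a corrupt archive diagnosable. The bound is the whole file size rather than the bytes remaining after the header, so it caps the `bfd_malloc` request but presumably still relies on the later read of the name, which is outside the hunk, to reject a truncated name. If `bfd_get_file_size` reports 0 when the size cannot be determined, as I believe it does, the comparison would also reject every non-empty name on such inputs, so `filesize != 0 && namlen > filesize` may be the safer form. The body of `_bfd_xcoff_read_ar_hdr` starts and ends outside both hunks.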