espressif/binutils-gdb
1
0
Fork 0
mirror of https://github.com/espressif/binutils-gdb.git synced 2025-06-22 19:09:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

macho-o archive sanity checks

Browse Source 
Anti-fuzzing checks.

	* mach-o.c (bfd_mach_o_fat_archive_p): Sanity check entry offset
	and size against file size.
This commit is contained in:
Alan Modra
2021-11-01 18:55:19 +10:30
parent c27cdb4c53
commit c908dea26f
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
bfd/mach-o.c
View File

@ -5509,6 +5509,7 @@ bfd_mach_o_fat_archive_p (bfd *abfd)
struct mach_o_fat_header_external hdr; struct mach_o_fat_header_external hdr;
unsigned long i; unsigned long i;
size_t amt; size_t amt;
ufile_ptr filesize;
if (bfd_seek (abfd, 0, SEEK_SET) != 0 if (bfd_seek (abfd, 0, SEEK_SET) != 0
|| bfd_bread (&hdr, sizeof (hdr), abfd) != sizeof (hdr)) || bfd_bread (&hdr, sizeof (hdr), abfd) != sizeof (hdr))
@ -5538,6 +5539,7 @@ bfd_mach_o_fat_archive_p (bfd *abfd)
if (adata->archentries == NULL) if (adata->archentries == NULL)
goto error; goto error;
filesize = bfd_get_file_size (abfd);
for (i = 0; i < adata->nfat_arch; i++) for (i = 0; i < adata->nfat_arch; i++)
{ {
struct mach_o_fat_arch_external arch; struct mach_o_fat_arch_external arch;
@ -5548,6 +5550,15 @@ bfd_mach_o_fat_archive_p (bfd *abfd)
adata->archentries[i].offset = bfd_getb32 (arch.offset); adata->archentries[i].offset = bfd_getb32 (arch.offset);
adata->archentries[i].size = bfd_getb32 (arch.size); adata->archentries[i].size = bfd_getb32 (arch.size);
adata->archentries[i].align = bfd_getb32 (arch.align); adata->archentries[i].align = bfd_getb32 (arch.align);
if (filesize != 0
&& (adata->archentries[i].offset > filesize
|| (adata->archentries[i].size
> filesize - adata->archentries[i].offset)))
{
bfd_release (abfd, adata);
bfd_set_error (bfd_error_malformed_archive);
return NULL;
}
} }
abfd->tdata.mach_o_fat_data = adata; abfd->tdata.mach_o_fat_data = adata;