Fix a seg-fault triggered by reading a mal-formed archive.

PR binutils/17533
	* archive.c (_bfd_slurp_extended_name_table): Handle archives with
	corrupt extended name tables.
Nick Clifton 2014-11-04 13:15:37 +00:00
parent ed9e98c214
commit bb0d867169
2 changed files with 13 additions and 2 deletions


@ -1,3 +1,9 @@
2014-11-04 Nick Clifton <nickc@redhat.com>
PR binutils/17533
* archive.c (_bfd_slurp_extended_name_table): Handle archives with
corrupt extended name tables.
2014-11-04 Alan Modra <amodra@gmail.com> 2014-11-04 Alan Modra <amodra@gmail.com>
* elf32-spu.c (ovl_mgr_stat): New function. * elf32-spu.c (ovl_mgr_stat): New function.


@ -1293,6 +1293,9 @@ _bfd_slurp_extended_name_table (bfd *abfd)
amt = namedata->parsed_size; amt = namedata->parsed_size;
if (amt + 1 == 0) if (amt + 1 == 0)
goto byebye; goto byebye;
/* PR binutils/17533: A corrupt archive can contain an invalid size. */
if (amt > (bfd_size_type) bfd_get_size (abfd))
goto byebye;
bfd_ardata (abfd)->extended_names_size = amt; bfd_ardata (abfd)->extended_names_size = amt;
bfd_ardata (abfd)->extended_names = (char *) bfd_zalloc (abfd, amt + 1); bfd_ardata (abfd)->extended_names = (char *) bfd_zalloc (abfd, amt + 1);
@ -1300,6 +1303,8 @@ _bfd_slurp_extended_name_table (bfd *abfd)
{ {
byebye: byebye:
free (namedata); free (namedata);
bfd_ardata (abfd)->extended_names = NULL;
bfd_ardata (abfd)->extended_names_size = 0;
return FALSE; return FALSE;
} }
@ -1308,7 +1313,6 @@ _bfd_slurp_extended_name_table (bfd *abfd)
if (bfd_get_error () != bfd_error_system_call) if (bfd_get_error () != bfd_error_system_call)
bfd_set_error (bfd_error_malformed_archive); bfd_set_error (bfd_error_malformed_archive);
bfd_release (abfd, (bfd_ardata (abfd)->extended_names)); bfd_release (abfd, (bfd_ardata (abfd)->extended_names));
bfd_ardata (abfd)->extended_names = NULL;
goto byebye; goto byebye;
} }
@ -1316,11 +1320,12 @@ _bfd_slurp_extended_name_table (bfd *abfd)
text, the entries in the list are newline-padded, not null text, the entries in the list are newline-padded, not null
padded. In SVR4-style archives, the names also have a padded. In SVR4-style archives, the names also have a
trailing '/'. DOS/NT created archive often have \ in them trailing '/'. DOS/NT created archive often have \ in them
We'll fix all problems here.. */ We'll fix all problems here. */
{ {
char *ext_names = bfd_ardata (abfd)->extended_names; char *ext_names = bfd_ardata (abfd)->extended_names;
char *temp = ext_names; char *temp = ext_names;
char *limit = temp + namedata->parsed_size; char *limit = temp + namedata->parsed_size;
for (; temp < limit; ++temp) for (; temp < limit; ++temp)
{ {
if (*temp == ARFMAG[1]) if (*temp == ARFMAG[1])
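Review bot: The new guard `if (amt > (bfd_size_type) bfd_get_size (abfd))` jumps to `byebye` without recording an error, whereas the failure path in the third hunk calls `bfd_set_error (bfd_error_malformed_archive)` before taking the same jump. A caller that receives FALSE from the size check therefore sees whatever error state was left over, so a corrupt archive can be reported with a stale or misleading error. I would write the guard body as `{ bfd_set_error (bfd_error_malformed_archive); goto byebye; }`. It is also worth confirming what bfd_get_size returns when the size cannot be determined; if that is 0, every non-empty name table would be rejected and the check should skip that case. The body of _bfd_slurp_extended_name_table starts and ends outside these hunks.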