diff options
| author | Jakub Jelinek <jakub@redhat.com> | 2007-01-05 10:12:25 +0000 |
|---|---|---|
| committer | Jakub Jelinek <jakub@redhat.com> | 2007-01-05 10:12:25 +0000 |
| commit | ebe8b99135d0de280c4094b0affdb4b5a6d2835b (patch) | |
| tree | 578e76b26d389277218515d53f03a5cd12a15416 | |
| parent | 8936fcda88c915c942559802689bcfe3da59ab6e (diff) | |
| download | fsf-binutils-gdb-ebe8b99135d0de280c4094b0affdb4b5a6d2835b.zip fsf-binutils-gdb-ebe8b99135d0de280c4094b0affdb4b5a6d2835b.tar.gz fsf-binutils-gdb-ebe8b99135d0de280c4094b0affdb4b5a6d2835b.tar.bz2 | |
* texhex.c (first_phase): Don't fall through into the default
case.
(pass_over): Replace abort () calls with return FALSE. Fix
buffer overflow.
| -rw-r--r-- | bfd/ChangeLog | 7 | ||||
| -rw-r--r-- | bfd/tekhex.c | 16 |
2 files changed, 16 insertions, 7 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index c2101ca..e341c1f 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,10 @@ +2007-01-05 Jakub Jelinek <jakub@redhat.com> + + * texhex.c (first_phase): Don't fall through into the default + case. + (pass_over): Replace abort () calls with return FALSE. Fix + buffer overflow. + 2007-01-04 Jie Zhang <jie.zhang@analog.com> * elf-eh-frame.c (_bfd_elf_discard_section_eh_frame): Don't set diff --git a/bfd/tekhex.c b/bfd/tekhex.c index fffedad..c0ad1ee 100644 --- a/bfd/tekhex.c +++ b/bfd/tekhex.c @@ -436,6 +436,7 @@ first_phase (bfd *abfd, int type, char *src) if (!getvalue (&src, &val)) return FALSE; new->symbol.value = val - section->vma; + break; } default: return FALSE; @@ -457,11 +458,10 @@ pass_over (bfd *abfd, bfd_boolean (*func) (bfd *, int, char *)) /* To the front of the file. */ if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0) - abort (); + return FALSE; while (! eof) { - char buffer[MAXCHUNK]; - char *src = buffer; + char src[MAXCHUNK]; char type; /* Find first '%'. */ @@ -471,22 +471,24 @@ pass_over (bfd *abfd, bfd_boolean (*func) (bfd *, int, char *)) if (eof) break; - src++; /* Fetch the type and the length and the checksum. */ if (bfd_bread (src, (bfd_size_type) 5, abfd) != 5) - abort (); /* FIXME. */ + return FALSE; type = src[2]; if (!ISHEX (src[0]) || !ISHEX (src[1])) break; - /* Already read five char. */ + /* Already read five chars. */ chars_on_line = HEX (src) - 5; + if (chars_on_line >= MAXCHUNK) + return FALSE; + if (bfd_bread (src, (bfd_size_type) chars_on_line, abfd) != chars_on_line) - abort (); /* FIXME. */ + return FALSE; /* Put a null at the end. */ src[chars_on_line] = 0; |