author | Alan Modra <amodra@gmail.com> | 2019-02-20 08:21:24 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2019-02-20 11:50:07 +1030 |
commit | 8abac8031ed369a2734b1cdb7df28a39a54b4b49 (patch) | |
tree | e6a6f1ce759adb9afb1f515aa9347d06541b0f16 /bfd/archive.c | |
parent | 7ae39e2d406dbec568c5ffd462119037b994fdf9 (diff) | |
PR24236, Heap buffer overflow in _bfd_archive_64_bit_slurp_armap
PR 24236
* archive64.c (_bfd_archive_64_bit_slurp_armap): Move code adding
sentinel NUL to string buffer nearer to loop where it is used.
Don't go past sentinel when scanning strings, and don't write
NUL again.
* archive.c (do_slurp_coff_armap): Simplify string handling to
archive64.c style.
Diffstat (limited to 'bfd/archive.c')
-rw-r--r-- | bfd/archive.c | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/bfd/archive.c b/bfd/archive.c
index d2d9b72..68a92a3 100644
--- a/bfd/archive.c
+++ b/bfd/archive.c
@@ -1012,6 +1012,7 @@ do_slurp_coff_armap (bfd *abfd)
 int *raw_armap, *rawptr;
 struct artdata *ardata = bfd_ardata (abfd);
 char *stringbase;
+ char *stringend;
 bfd_size_type stringsize;
 bfd_size_type parsed_size;
 carsym *carsyms;
@@ -1071,22 +1072,18 @@ do_slurp_coff_armap (bfd *abfd)
 }
 /* OK, build the carsyms. */
- for (i = 0; i < nsymz && stringsize > 0; i++)
+ stringend = stringbase + stringsize;
+ *stringend = 0;
+ for (i = 0; i < nsymz; i++)
 {
- bfd_size_type len;
-
 rawptr = raw_armap + i;
 carsyms->file_offset = swap ((bfd_byte *) rawptr);
 carsyms->name = stringbase;
- /* PR 17512: file: 4a1d50c1. */
- len = strnlen (stringbase, stringsize);
- if (len < stringsize)
- len ++;
- stringbase += len;
- stringsize -= len;
+ stringbase += strlen (stringbase);
+ if (stringbase != stringend)
+ ++stringbase;
 carsyms++;
 }
- *stringbase = 0;
 ardata->symdef_count = nsymz;
 ardata->first_file_filepos = bfd_tell (abfd); |
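Review bot: The sentinel store `*stringend = 0;` in the second hunk writes one byte past the `stringsize` bytes of string data, so it is in bounds only if the buffer behind `stringbase` was allocated with at least `stringsize + 1` bytes. That allocation happens earlier in do_slurp_coff_armap, outside this hunk, so it cannot be confirmed from here. Once it is checked, I would record the invariant next to the store, e.g. `/* The string buffer has one spare byte past stringsize for this sentinel NUL.  */`. A second comment should say that once `stringbase` reaches `stringend`, every remaining entry gets `carsyms->name` pointing at the empty sentinel string, so an archive whose symbol count exceeds what its string table holds is accepted with empty names rather than rejected. The function body starts before and continues after the hunk.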