diff options
| author | Alan Modra <amodra@gmail.com> | 2021-07-30 12:56:22 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2021-07-30 15:06:56 +0930 |
| commit | 472dd8b357e878b09ffa0703ad80b2915aaa4ec6 (patch) | |
| tree | c13906a41d7319d3401f2c5f20e21402d96b408d /bfd | |
| parent | 6329d1e13eabb4463d3a459ffe4fd0f028ca37df (diff) | |
| download | gdb-472dd8b357e878b09ffa0703ad80b2915aaa4ec6.zip gdb-472dd8b357e878b09ffa0703ad80b2915aaa4ec6.tar.gz gdb-472dd8b357e878b09ffa0703ad80b2915aaa4ec6.tar.bz2 | |
Sanity check _bfd_coff_read_string_table
* coffgen.c (_bfd_coff_read_string_table): Catch overflows
when calculating string table file location.
Diffstat (limited to 'bfd')
| -rw-r--r-- | bfd/coffgen.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/bfd/coffgen.c b/bfd/coffgen.c index 017d4c3..ca93682 100644 --- a/bfd/coffgen.c +++ b/bfd/coffgen.c @@ -1662,8 +1662,10 @@ _bfd_coff_read_string_table (bfd *abfd) char extstrsize[STRING_SIZE_SIZE]; bfd_size_type strsize; char *strings; - file_ptr pos; + ufile_ptr pos; ufile_ptr filesize; + size_t symesz; + size_t size; if (obj_coff_strings (abfd) != NULL) return obj_coff_strings (abfd); @@ -1674,9 +1676,16 @@ _bfd_coff_read_string_table (bfd *abfd) return NULL; } + symesz = bfd_coff_symesz (abfd); pos = obj_sym_filepos (abfd); - pos += obj_raw_syment_count (abfd) * bfd_coff_symesz (abfd); - if (bfd_seek (abfd, pos, SEEK_SET) != 0) + if (_bfd_mul_overflow (obj_raw_syment_count (abfd), symesz, &size) + || pos + size < pos) + { + bfd_set_error (bfd_error_file_truncated); + return NULL; + } + + if (bfd_seek (abfd, pos + size, SEEK_SET) != 0) return NULL; if (bfd_bread (extstrsize, (bfd_size_type) sizeof extstrsize, abfd) |