authorAlan Modra <amodra@gmail.com>2020-03-23 21:20:54 +1030
committerAlan Modra <amodra@gmail.com>2020-03-23 23:26:12 +1030
commit5e737279c6e832a757f0326128e5a5f96fbdd291 (patch)
tree889039d40232c9667e80f1b5974660866128b1e6 /bfd
parent5935fd15306c26ead8274cbeab3287770f2ac92a (diff)
i386msdos uninitialised read
Also reinstate ld i386aout for i386-msdos target, which doesn't build otherwise. bfd/ * i386msdos.c (msdos_object_p): Don't access e_lfanew when that field hasn't been read. Remove unnecessary casts. ld/ * Makefile.am (ALL_EMULATION_SOURCES): Reinstate ei386aout.c. Include ei386aout dep file. * Makefile.in: Regenerate. * po/BLD-POTFILES.in: Regenerate.
Diffstat (limited to 'bfd')
-rw-r--r--bfd/ChangeLog5
-rw-r--r--bfd/i386msdos.c14
2 files changed, 13 insertions, 6 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 2e0abc8..c513ebd 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2020-03-23 Alan Modra <amodra@gmail.com>
+
+ * i386msdos.c (msdos_object_p): Don't access e_lfanew when that
+ field hasn't been read. Remove unnecessary casts.
+
2020-03-22 Alan Modra <amodra@gmail.com>
* coff64-rs6000.c (xcoff64_slurp_armap): Ensure size is large
diff --git a/bfd/i386msdos.c b/bfd/i386msdos.c
index 5b56751..e9307a7 100644
--- a/bfd/i386msdos.c
+++ b/bfd/i386msdos.c
@@ -47,10 +47,10 @@ msdos_object_p (bfd *abfd)
struct external_DOS_hdr hdr;
bfd_byte buffer[2];
asection *section;
- unsigned int size;
+ bfd_size_type size;
if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0
- || bfd_bread (&hdr, (bfd_size_type) sizeof (hdr), abfd) < DOS_HDR_SIZE)
+ || (size = bfd_bread (&hdr, sizeof (hdr), abfd)) < DOS_HDR_SIZE)
{
if (bfd_get_error () != bfd_error_system_call)
bfd_set_error (bfd_error_wrong_format);
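Review bot: An I/O error from `bfd_bread` may still slip past the `< DOS_HDR_SIZE` test on the new `(size = bfd_bread (&hdr, sizeof (hdr), abfd))` line. If bfd_bread reports failure as `(bfd_size_type) -1` (worth confirming in bfdio.c), that is the largest unsigned value, so the comparison is false and the function continues with `hdr` unfilled while `size` claims a full read. Because `size` now also gates the e_lfanew access in the next hunk, an extra clause after the read, `|| size == (bfd_size_type) -1`, would close that path. msdos_object_p starts before this hunk and continues after it.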
@@ -67,9 +67,11 @@ msdos_object_p (bfd *abfd)
e_lfanew field will be valid and point to a header beginning with one of
the relevant signatures. If not, e_lfanew might point to anything, so
don't bail if we can't read there. */
- if (H_GET_16 (abfd, hdr.e_cparhdr) < 4
- || bfd_seek (abfd, (file_ptr) H_GET_32 (abfd, hdr.e_lfanew), SEEK_SET) != 0
- || bfd_bread (buffer, (bfd_size_type) 2, abfd) != 2)
+ if (size < offsetof (struct external_DOS_hdr, e_lfanew) + 4
+ || H_GET_16 (abfd, hdr.e_cparhdr) < 4)
+ ;
+ else if (bfd_seek (abfd, H_GET_32 (abfd, hdr.e_lfanew), SEEK_SET) != 0
+ || bfd_bread (buffer, (bfd_size_type) 2, abfd) != 2)
{
if (bfd_get_error () == bfd_error_system_call)
return NULL;
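Review bot: The bound `offsetof (struct external_DOS_hdr, e_lfanew) + 4` hard-codes the field width. Writing it as `offsetof (struct external_DOS_hdr, e_lfanew) + sizeof (hdr.e_lfanew)` would keep the check tied to the struct, assuming e_lfanew is declared as a byte array (its declaration is not in this hunk). The bare `;` branch is easy to misread as a stray semicolon and deserves a comment, e.g. `/* Header too short for e_lfanew, or e_cparhdr < 4: skip the signature probe.  */`. The `(bfd_size_type) 2` cast kept on the `bfd_bread` line is the same kind of cast the commit removes elsewhere. The function body extends beyond this hunk on both sides.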
@@ -102,7 +104,7 @@ msdos_object_p (bfd *abfd)
size += H_GET_16 (abfd, hdr.e_cblp);
/* Check that the size is valid. */
- if (bfd_seek (abfd, (file_ptr) (section->filepos + size), SEEK_SET) != 0)
+ if (bfd_seek (abfd, section->filepos + size, SEEK_SET) != 0)
{
if (bfd_get_error () != bfd_error_system_call)
bfd_set_error (bfd_error_wrong_format);
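Review bot: A successful `bfd_seek` to `section->filepos + size` does not by itself show that the file holds that many bytes, because a seek past end-of-file on a regular file normally succeeds. The "Check that the size is valid" test may therefore accept a truncated or crafted image whose header-derived `size` exceeds the file. Comparing the offset against the real file length (bfd provides `bfd_get_file_size`) would reject such input here rather than at a later section read. The sum also mixes `section->filepos` with the now-unsigned `size` and is converted to the seek offset type implicitly; the computation of `size` above this hunk is not visible, so its range cannot be confirmed from here.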