diff options
| author | Alan Modra <amodra@gmail.com> | 2021-10-30 18:42:00 +1030 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2021-10-31 10:57:52 +1030 |
| commit | 3c8ed65a5d9d754c79fa34741c51db187b56485c (patch) | |
| tree | 027e5fe96877ec8533d52ee042ee0c83743424ca /bfd/vms-alpha.c | |
| parent | fb9f44d410d955176b729a746cee22b0063068c2 (diff) | |
| download | binutils-3c8ed65a5d9d754c79fa34741c51db187b56485c.zip binutils-3c8ed65a5d9d754c79fa34741c51db187b56485c.tar.gz binutils-3c8ed65a5d9d754c79fa34741c51db187b56485c.tar.bz2 | |
PR28518: signed integer overflow & free on unmalloced address
PR 28518
* vms-alpha.c (build_module_list): Don't lose malloc buffer address.
Use unsigned variables.
Diffstat (limited to 'bfd/vms-alpha.c')
| -rw-r--r-- | bfd/vms-alpha.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c index e4a897b..10758d5 100644 --- a/bfd/vms-alpha.c +++ b/bfd/vms-alpha.c @@ -4794,26 +4794,26 @@ build_module_list (bfd *abfd) since we can compute the start address and the end address of every module from the section contents. */ bfd_size_type size = bfd_section_size (dmt); - unsigned char *ptr, *end; + unsigned char *buf, *ptr, *end; - if (! bfd_malloc_and_get_section (abfd, dmt, &ptr)) + if (! bfd_malloc_and_get_section (abfd, dmt, &buf)) return NULL; vms_debug2 ((2, "DMT\n")); + ptr = buf; end = ptr + size; - while (end - ptr >= DBG_S_C_DMT_HEADER_SIZE) { /* Each header declares a module with its start offset and size of debug info in the DST section, as well as the count of program sections (i.e. address spans) it contains. */ - int modbeg = bfd_getl32 (ptr + DBG_S_L_DMT_MODBEG); - int msize = bfd_getl32 (ptr + DBG_S_L_DST_SIZE); + unsigned int modbeg = bfd_getl32 (ptr + DBG_S_L_DMT_MODBEG); + unsigned int msize = bfd_getl32 (ptr + DBG_S_L_DST_SIZE); int count = bfd_getl16 (ptr + DBG_S_W_DMT_PSECT_COUNT); ptr += DBG_S_C_DMT_HEADER_SIZE; - vms_debug2 ((3, "module: modbeg = %d, size = %d, count = %d\n", + vms_debug2 ((3, "module: modbeg = %u, size = %u, count = %d\n", modbeg, msize, count)); /* We create a 'module' structure for each program section since @@ -4823,8 +4823,8 @@ build_module_list (bfd *abfd) cause problems in practice. */ while (count-- > 0 && end - ptr >= DBG_S_C_DMT_PSECT_SIZE) { - int start = bfd_getl32 (ptr + DBG_S_L_DMT_PSECT_START); - int length = bfd_getl32 (ptr + DBG_S_L_DMT_PSECT_LENGTH); + unsigned int start = bfd_getl32 (ptr + DBG_S_L_DMT_PSECT_START); + unsigned int length = bfd_getl32 (ptr + DBG_S_L_DMT_PSECT_LENGTH); module = new_module (abfd); module->modbeg = modbeg; module->size = msize; @@ -4834,11 +4834,11 @@ build_module_list (bfd *abfd) list = module; ptr += DBG_S_C_DMT_PSECT_SIZE; - vms_debug2 ((4, "section: start = 0x%x, length = %d\n", + vms_debug2 ((4, "section: start = 0x%x, length = %u\n", start, length)); } } - free (ptr); + free (buf); } else { |