diff options
author | Nick Clifton <nickc@redhat.com> | 2017-06-15 12:08:57 +0100 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2017-06-15 12:08:57 +0100 |
commit | 76800cba595efc3fe95a446c2d664e42ae4ee869 (patch) | |
tree | 1b55086f89d717246dff34c0382705e02952a55c | |
parent | 08c7881b814c546efc3996fd1decdf0877f7a779 (diff) | |
download | gdb-76800cba595efc3fe95a446c2d664e42ae4ee869.zip gdb-76800cba595efc3fe95a446c2d664e42ae4ee869.tar.gz gdb-76800cba595efc3fe95a446c2d664e42ae4ee869.tar.bz2 |
Handle EITR records in VMS Alpha binaries with overlarge command length parameters.
PR binutils/21579
* vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
-rw-r--r-- | bfd/ChangeLog | 5 | ||||
-rw-r--r-- | bfd/vms-alpha.c | 16 |
2 files changed, 13 insertions, 8 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index bf7447c..f39dd09 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2017-06-15 Nick Clifton <nickc@redhat.com> + + PR binutils/21579 + * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length. + 2017-06-14 Max Filippov <jcmvbkbc@gmail.com> * elf32-xtensa.c (elf_xtensa_be_plt_entry, diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c index 0c2b546..38237cd 100644 --- a/bfd/vms-alpha.c +++ b/bfd/vms-alpha.c @@ -1745,14 +1745,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info) ptr += 4; -#if VMS_DEBUG - _bfd_vms_debug (4, "etir: %s(%d)\n", - _bfd_vms_etir_name (cmd), cmd); - _bfd_hexdump (8, ptr, cmd_length - 4, 0); -#endif - - /* PR 21589: Check for a corrupt ETIR record. */ - if (cmd_length < 4) + /* PR 21589 and 21579: Check for a corrupt ETIR record. */ + if (cmd_length < 4 || (ptr + cmd_length > maxptr + 4)) { corrupt_etir: _bfd_error_handler (_("Corrupt ETIR record encountered")); @@ -1760,6 +1754,12 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info) return FALSE; } +#if VMS_DEBUG + _bfd_vms_debug (4, "etir: %s(%d)\n", + _bfd_vms_etir_name (cmd), cmd); + _bfd_hexdump (8, ptr, cmd_length - 4, 0); +#endif + switch (cmd) { /* Stack global |