aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2017-06-19 14:52:36 +0100
committerNick Clifton <nickc@redhat.com>2017-06-19 14:52:36 +0100
commitbc21b167eb0106eb31d946a0eb5acfb7e4d5d8a1 (patch)
tree593d45a9586606cc231a3778a0bbc0772f00fff4
parent0f6d864de2469af4223391993b430b0d45573dcb (diff)
downloadgdb-bc21b167eb0106eb31d946a0eb5acfb7e4d5d8a1.zip
gdb-bc21b167eb0106eb31d946a0eb5acfb7e4d5d8a1.tar.gz
gdb-bc21b167eb0106eb31d946a0eb5acfb7e4d5d8a1.tar.bz2
Fix address violations when reading corrupt VMS records.
PR binutils/21618 * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record length. (evax_bfd_print_eeom): Likewise. (evax_bfd_print_egsd): Check for an overlarge record length. (evax_bfd_print_etir): Likewise.
-rw-r--r--bfd/ChangeLog9
-rw-r--r--bfd/vms-alpha.c27
2 files changed, 36 insertions, 0 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index e718517..5177bc7 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,14 @@
2017-06-19 Nick Clifton <nickc@redhat.com>
+ PR binutils/21618
+ * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
+ length.
+ (evax_bfd_print_eeom): Likewise.
+ (evax_bfd_print_egsd): Check for an overlarge record length.
+ (evax_bfd_print_etir): Likewise.
+
+2017-06-19 Nick Clifton <nickc@redhat.com>
+
PR binutils/21612
* libieee.h (struct common_header_type): Add end_p field.
* ieee.c (this_byte_and_next): Do not advance input_p beyond
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 73f6976..8569868 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -5634,6 +5634,13 @@ evax_bfd_print_emh (FILE *file, unsigned char *rec, unsigned int rec_len)
/* xgettext:c-format */
fprintf (file, _(" EMH %u (len=%u): "), subtype, rec_len);
+ /* PR 21618: Check for invalid lengths. */
+ if (rec_len < sizeof (* emh))
+ {
+ fprintf (file, _(" Error: The length is less than the length of an EMH record\n"));
+ return;
+ }
+
switch (subtype)
{
case EMH__C_MHD:
@@ -5697,6 +5704,14 @@ evax_bfd_print_eeom (FILE *file, unsigned char *rec, unsigned int rec_len)
struct vms_eeom *eeom = (struct vms_eeom *)rec;
fprintf (file, _(" EEOM (len=%u):\n"), rec_len);
+
+ /* PR 21618: Check for invalid lengths. */
+ if (rec_len < sizeof (* eeom))
+ {
+ fprintf (file, _(" Error: The length is less than the length of an EEOM record\n"));
+ return;
+ }
+
fprintf (file, _(" number of cond linkage pairs: %u\n"),
(unsigned)bfd_getl32 (eeom->total_lps));
fprintf (file, _(" completion code: %u\n"),
@@ -5786,6 +5801,12 @@ evax_bfd_print_egsd (FILE *file, unsigned char *rec, unsigned int rec_len)
n, type, len);
n++;
+ if (off + len > rec_len || off + len < off)
+ {
+ fprintf (file, _(" Error: length larger than remaining space in record\n"));
+ return;
+ }
+
switch (type)
{
case EGSD__C_PSC:
@@ -6031,6 +6052,12 @@ evax_bfd_print_etir (FILE *file, const char *name,
size = bfd_getl16 (etir->size);
buf = rec + off + sizeof (struct vms_etir);
+ if (off + size > rec_len || off + size < off)
+ {
+ fprintf (file, _(" Error: length larger than remaining space in record\n"));
+ return;
+ }
+
/* xgettext:c-format */
fprintf (file, _(" (type: %3u, size: 4+%3u): "), type, size - 4);
switch (type)