diff options
author | Nathan Sidwell <nathan@codesourcery.com> | 2010-06-23 10:21:16 +0000 |
---|---|---|
committer | Nathan Sidwell <nathan@codesourcery.com> | 2010-06-23 10:21:16 +0000 |
commit | 61e8a5ea173059baf957e65885fbaa3613cc6076 (patch) | |
tree | 30d3f0edcd29ff5d368a5c32b37d0ff329022670 | |
parent | 38f6b338fd42e2c16c7e53eed49a80b10ac3692f (diff) | |
download | gdb-61e8a5ea173059baf957e65885fbaa3613cc6076.zip gdb-61e8a5ea173059baf957e65885fbaa3613cc6076.tar.gz gdb-61e8a5ea173059baf957e65885fbaa3613cc6076.tar.bz2 |
* archive64.c (bfd_elf64_archive_write_armap): Fix buffer overrun
when scaning map.
-rw-r--r-- | bfd/ChangeLog | 5 | ||||
-rw-r--r-- | bfd/archive64.c | 12 |
2 files changed, 11 insertions, 6 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index d73bb94..41b6cb9 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2010-06-23 Nathan Sidwell <nathan@codesourcery.com> + + * archive64.c (bfd_elf64_archive_write_armap): Fix buffer overrun + when scaning map. + 2010-06-17 Tristan Gingold <gingold@adacore.com> * Makefile.am (BFD32_BACKENDS_CFILES): Move vms-alpha.c to ... diff --git a/bfd/archive64.c b/bfd/archive64.c index 067fbb9..bbc4c3f 100644 --- a/bfd/archive64.c +++ b/bfd/archive64.c @@ -194,27 +194,27 @@ bfd_elf64_archive_write_armap (bfd *arch, /* Write out the file offset for the file associated with each symbol, and remember to keep the offsets padded out. */ - - current = arch->archive_head; count = 0; - while (current != NULL && count < symbol_count) + for (current = arch->archive_head; + current != NULL && count < symbol_count; + current = current->archive_next) { /* For each symbol which is used defined in this object, write out the object file's address in the archive */ - while (map[count].u.abfd == current) + for (; + count < symbol_count && map[count].u.abfd == current; + count++) { bfd_putb64 ((bfd_vma) archive_member_file_ptr, buf); if (bfd_bwrite (buf, 8, arch) != 8) return FALSE; - count++; } /* Add size of this archive entry */ archive_member_file_ptr += (arelt_size (current) + sizeof (struct ar_hdr)); /* remember about the even alignment */ archive_member_file_ptr += archive_member_file_ptr % 2; - current = current->archive_next; } /* now write the strings themselves */ |