authorAlan Modra <amodra@gmail.com>2021-07-30 12:56:22 +0930
committerAlan Modra <amodra@gmail.com>2021-07-30 15:06:56 +0930
commit472dd8b357e878b09ffa0703ad80b2915aaa4ec6 (patch)
treec13906a41d7319d3401f2c5f20e21402d96b408d
parent6329d1e13eabb4463d3a459ffe4fd0f028ca37df (diff)
Sanity check _bfd_coff_read_string_table
* coffgen.c (_bfd_coff_read_string_table): Catch overflows when calculating string table file location.
-rw-r--r--bfd/coffgen.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index 017d4c3..ca93682 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1662,8 +1662,10 @@ _bfd_coff_read_string_table (bfd *abfd)
char extstrsize[STRING_SIZE_SIZE];
bfd_size_type strsize;
char *strings;
- file_ptr pos;
+ ufile_ptr pos;
ufile_ptr filesize;
+ size_t symesz;
+ size_t size;
if (obj_coff_strings (abfd) != NULL)
return obj_coff_strings (abfd);
@@ -1674,9 +1676,16 @@ _bfd_coff_read_string_table (bfd *abfd)
return NULL;
}
+ symesz = bfd_coff_symesz (abfd);
pos = obj_sym_filepos (abfd);
- pos += obj_raw_syment_count (abfd) * bfd_coff_symesz (abfd);
- if (bfd_seek (abfd, pos, SEEK_SET) != 0)
+ if (_bfd_mul_overflow (obj_raw_syment_count (abfd), symesz, &size)
+ || pos + size < pos)
+ {
+ bfd_set_error (bfd_error_file_truncated);
+ return NULL;
+ }
+
+ if (bfd_seek (abfd, pos + size, SEEK_SET) != 0)
return NULL;
if (bfd_bread (extstrsize, (bfd_size_type) sizeof extstrsize, abfd)
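Review bot: The new guard `pos + size < pos` only rejects wrap-around of the unsigned `ufile_ptr` sum, so an offset that does not wrap but lies past the end of the file still reaches `bfd_seek (abfd, pos + size, SEEK_SET)`. The same holds for a sum above the range of the signed `file_ptr` that `pos` used to be, if that is still the type `bfd_seek` takes. Since the symbol count and symbol file position presumably come from the object file's own headers, I would also bound the sum by the file size when it is known: set `filesize = bfd_get_file_size (abfd);` before the check and add `|| (filesize != 0 && pos + size > filesize)` to the condition. `filesize` is declared in the first hunk but assigned outside the visible lines, and the function body continues past this hunk, so confirm that moving the assignment earlier does not disturb its later use. A short comment above the check, such as `/* Symbol count and offset come from the file and are untrusted.  */`, would record why it is there.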