diff options
author | Alan Modra <amodra@gmail.com> | 2019-08-07 18:53:09 +0930 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2019-08-07 19:01:17 +0930 |
commit | 97b031c5d6d42ff2b1758a8a8c332cb44ba9c06f (patch) | |
tree | 4ac59ae4101ae7f6a6a87770b637cdb679fc049d /bfd/archive64.c | |
parent | 7cd00957a57f8d8195baf7a85ea21b879bbbaf91 (diff) | |
download | gdb-97b031c5d6d42ff2b1758a8a8c332cb44ba9c06f.zip gdb-97b031c5d6d42ff2b1758a8a8c332cb44ba9c06f.tar.gz gdb-97b031c5d6d42ff2b1758a8a8c332cb44ba9c06f.tar.bz2 |
PR24644, OOM-Bug in _bfd_archive_64_bit_slurp_armap
PR 24644
* archive64.c (_bfd_archive_64_bit_slurp_armap): Properly check
for overflow in expressions involving nsymz.
Diffstat (limited to 'bfd/archive64.c')
-rw-r--r-- | bfd/archive64.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/bfd/archive64.c b/bfd/archive64.c index 42f6ed9..a2c628e 100644 --- a/bfd/archive64.c +++ b/bfd/archive64.c @@ -90,7 +90,14 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd) ptrsize = 8 * nsymz; amt = carsym_size + stringsize + 1; - if (carsym_size < nsymz || ptrsize < nsymz || amt < nsymz) + if (/* Catch overflow in stringsize (and ptrsize) expression. */ + nsymz >= (bfd_size_type) -1 / 8 + || stringsize > parsed_size + /* Catch overflow in carsym_size expression. */ + || nsymz > (bfd_size_type) -1 / sizeof (carsym) + /* Catch overflow in amt expression. */ + || amt <= carsym_size + || amt <= stringsize) { bfd_set_error (bfd_error_malformed_archive); return FALSE; |