aboutsummaryrefslogtreecommitdiff
path: root/bfd/archive64.c
diff options
context:
space:
mode:
authorAlan Modra <amodra@gmail.com>2019-08-07 18:53:09 +0930
committerAlan Modra <amodra@gmail.com>2019-08-07 19:01:17 +0930
commit97b031c5d6d42ff2b1758a8a8c332cb44ba9c06f (patch)
tree4ac59ae4101ae7f6a6a87770b637cdb679fc049d /bfd/archive64.c
parent7cd00957a57f8d8195baf7a85ea21b879bbbaf91 (diff)
downloadgdb-97b031c5d6d42ff2b1758a8a8c332cb44ba9c06f.zip
gdb-97b031c5d6d42ff2b1758a8a8c332cb44ba9c06f.tar.gz
gdb-97b031c5d6d42ff2b1758a8a8c332cb44ba9c06f.tar.bz2
PR24644, OOM-Bug in _bfd_archive_64_bit_slurp_armap
PR 24644 * archive64.c (_bfd_archive_64_bit_slurp_armap): Properly check for overflow in expressions involving nsymz.
Diffstat (limited to 'bfd/archive64.c')
-rw-r--r--bfd/archive64.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/bfd/archive64.c b/bfd/archive64.c
index 42f6ed9..a2c628e 100644
--- a/bfd/archive64.c
+++ b/bfd/archive64.c
@@ -90,7 +90,14 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd)
ptrsize = 8 * nsymz;
amt = carsym_size + stringsize + 1;
- if (carsym_size < nsymz || ptrsize < nsymz || amt < nsymz)
+ if (/* Catch overflow in stringsize (and ptrsize) expression. */
+ nsymz >= (bfd_size_type) -1 / 8
+ || stringsize > parsed_size
+ /* Catch overflow in carsym_size expression. */
+ || nsymz > (bfd_size_type) -1 / sizeof (carsym)
+ /* Catch overflow in amt expression. */
+ || amt <= carsym_size
+ || amt <= stringsize)
{
bfd_set_error (bfd_error_malformed_archive);
return FALSE;