XCOFF uninitialized read

* coff-rs6000.c (_bfd_xcoff_slurp_armap): Ensure size is large enough to read number of symbols.
author: Alan Modra <amodra@gmail.com> 2020-03-20 10:57:38 +1030
committer: Alan Modra <amodra@gmail.com> 2020-03-20 12:35:51 +1030
commit: 67338173a49204a2097ca1e2c63c6bc1fe972c3e (patch)
tree: 84fa706c61ea47287fb1987ef223adcb6b4ad260 /bfd/coff-rs6000.c
parent: 340f3ac8082771ecc473ab938fc3d7cbf607ddaa (diff)
download: gdb-67338173a49204a2097ca1e2c63c6bc1fe972c3e.zip
gdb-67338173a49204a2097ca1e2c63c6bc1fe972c3e.tar.gz
gdb-67338173a49204a2097ca1e2c63c6bc1fe972c3e.tar.bz2
1 files changed, 4 insertions, 4 deletions
diff --git a/bfd/coff-rs6000.c b/bfd/coff-rs6000.c
index 2dd68e0..bf87596 100644
--- a/bfd/coff-rs6000.c
+++ b/bfd/coff-rs6000.c
@@ -1260,9 +1260,9 @@ _bfd_xcoff_slurp_armap (bfd *abfd)
 	return FALSE;
 
       GET_VALUE_IN_FIELD (sz, hdr.size, 10);
-      if (sz == (bfd_size_type) -1)
+      if (sz + 1 < 5)
 	{
-	  bfd_set_error (bfd_error_no_memory);
+	  bfd_set_error (bfd_error_bad_value);
 	  return FALSE;
 	}
 
@@ -1322,9 +1322,9 @@ _bfd_xcoff_slurp_armap (bfd *abfd)
 	return FALSE;
 
       GET_VALUE_IN_FIELD (sz, hdr.size, 10);
-      if (sz == (bfd_size_type) -1)
+      if (sz + 1 < 9)
 	{
-	  bfd_set_error (bfd_error_no_memory);
+	  bfd_set_error (bfd_error_bad_value);
 	  return FALSE;
 	}
author	Alan Modra <amodra@gmail.com>	2020-03-20 10:57:38 +1030
committer	Alan Modra <amodra@gmail.com>	2020-03-20 12:35:51 +1030
commit	67338173a49204a2097ca1e2c63c6bc1fe972c3e (patch)
tree	84fa706c61ea47287fb1987ef223adcb6b4ad260 /bfd/coff-rs6000.c
parent	340f3ac8082771ecc473ab938fc3d7cbf607ddaa (diff)
download	gdb-67338173a49204a2097ca1e2c63c6bc1fe972c3e.zip gdb-67338173a49204a2097ca1e2c63c6bc1fe972c3e.tar.gz gdb-67338173a49204a2097ca1e2c63c6bc1fe972c3e.tar.bz2