diff options
| author | Yuriy M. Kaminskiy <yumkam@gmail.com> | 2015-08-04 16:51:53 +0100 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2015-08-04 16:51:53 +0100 |
| commit | 7e27a9d5f22f9f7ead11738b1546d0b5c737266b (patch) | |
| tree | 46bffdfecd821e8f439790cab4da495658777807 /bfd/ihex.c | |
| parent | 4e13f8fb05eb7ffd163d96e519cc011d8d21e3d7 (diff) | |
| download | gdb-7e27a9d5f22f9f7ead11738b1546d0b5c737266b.zip gdb-7e27a9d5f22f9f7ead11738b1546d0b5c737266b.tar.gz gdb-7e27a9d5f22f9f7ead11738b1546d0b5c737266b.tar.bz2 | |
Fix stack buffer overflows when parsing corrupt ihex files.
PR binutils/18750
* ihex.c (ihex_scan): Fixes incorrect escape sequence in error message
and stack overflow when char is signed and \200-\376 was in place of hex
digit; also fixes \377 was handled as EOF instead of "incorrect character".
(ihex_read_section): Changed for consistency.
(ihex_bad_byte): Prevent (now impossible to trigger) stack
overflow and incorrect escape sequence handling.
* srec.c (srec_bad_byte): Likewise.
* readelf.c (process_mips_specific): Fix incorrect escape
sequence handling.
Diffstat (limited to 'bfd/ihex.c')
| -rw-r--r-- | bfd/ihex.c | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -219,7 +219,7 @@ ihex_bad_byte (bfd *abfd, unsigned int lineno, int c, bfd_boolean error) char buf[10]; if (! ISPRINT (c)) - sprintf (buf, "\\%03o", (unsigned int) c); + sprintf (buf, "\\%03o", (unsigned int) c & 0xff); else { buf[0] = c; @@ -276,7 +276,7 @@ ihex_scan (bfd *abfd) else { file_ptr pos; - char hdr[8]; + unsigned char hdr[8]; unsigned int i; unsigned int len; bfd_vma addr; @@ -553,7 +553,7 @@ ihex_read_section (bfd *abfd, asection *section, bfd_byte *contents) error = FALSE; while ((c = ihex_get_byte (abfd, &error)) != EOF) { - char hdr[8]; + unsigned char hdr[8]; unsigned int len; unsigned int type; unsigned int i; |