aboutsummaryrefslogtreecommitdiff
path: root/bfd/srec.c
diff options
context:
space:
mode:
authorAlan Modra <amodra@gmail.com>2007-07-26 12:34:43 +0000
committerAlan Modra <amodra@gmail.com>2007-07-26 12:34:43 +0000
commite62071b60e0a89780a5b3a153365805346b38614 (patch)
treead66168f0786a49eaa37d51dc4c39a3c09439952 /bfd/srec.c
parentb9da616afe44eb7d00a669dad47bc6860e9b23d3 (diff)
downloadgdb-e62071b60e0a89780a5b3a153365805346b38614.zip
gdb-e62071b60e0a89780a5b3a153365805346b38614.tar.gz
gdb-e62071b60e0a89780a5b3a153365805346b38614.tar.bz2
* srec.c (srec_get_section_contents): Return immediately on
count zero. Check that offset and count are within section. * libbfd.c (_bfd_generic_get_section_contents): Check that offset + count does not overflow.
Diffstat (limited to 'bfd/srec.c')
-rw-r--r--bfd/srec.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/bfd/srec.c b/bfd/srec.c
index a5f588c..ebb039b 100644
--- a/bfd/srec.c
+++ b/bfd/srec.c
@@ -781,10 +781,20 @@ srec_get_section_contents (bfd *abfd,
file_ptr offset,
bfd_size_type count)
{
+ if (count == 0)
+ return TRUE;
+
+ if (offset + count < count
+ || offset + count > section->size)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+ }
+
if (section->used_by_bfd == NULL)
{
section->used_by_bfd = bfd_alloc (abfd, section->size);
- if (section->used_by_bfd == NULL && section->size != 0)
+ if (section->used_by_bfd == NULL)
return FALSE;
if (! srec_read_section (abfd, section, section->used_by_bfd))