aboutsummaryrefslogtreecommitdiff
path: root/bfd/vms-alpha.c
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2017-06-19 14:52:36 +0100
committerNick Clifton <nickc@redhat.com>2017-06-19 14:52:36 +0100
commitbc21b167eb0106eb31d946a0eb5acfb7e4d5d8a1 (patch)
tree593d45a9586606cc231a3778a0bbc0772f00fff4 /bfd/vms-alpha.c
parent0f6d864de2469af4223391993b430b0d45573dcb (diff)
downloadgdb-bc21b167eb0106eb31d946a0eb5acfb7e4d5d8a1.zip
gdb-bc21b167eb0106eb31d946a0eb5acfb7e4d5d8a1.tar.gz
gdb-bc21b167eb0106eb31d946a0eb5acfb7e4d5d8a1.tar.bz2
Fix address violations when reading corrupt VMS records.
PR binutils/21618 * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record length. (evax_bfd_print_eeom): Likewise. (evax_bfd_print_egsd): Check for an overlarge record length. (evax_bfd_print_etir): Likewise.
Diffstat (limited to 'bfd/vms-alpha.c')
-rw-r--r--bfd/vms-alpha.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 73f6976..8569868 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -5634,6 +5634,13 @@ evax_bfd_print_emh (FILE *file, unsigned char *rec, unsigned int rec_len)
/* xgettext:c-format */
fprintf (file, _(" EMH %u (len=%u): "), subtype, rec_len);
+ /* PR 21618: Check for invalid lengths. */
+ if (rec_len < sizeof (* emh))
+ {
+ fprintf (file, _(" Error: The length is less than the length of an EMH record\n"));
+ return;
+ }
+
switch (subtype)
{
case EMH__C_MHD:
@@ -5697,6 +5704,14 @@ evax_bfd_print_eeom (FILE *file, unsigned char *rec, unsigned int rec_len)
struct vms_eeom *eeom = (struct vms_eeom *)rec;
fprintf (file, _(" EEOM (len=%u):\n"), rec_len);
+
+ /* PR 21618: Check for invalid lengths. */
+ if (rec_len < sizeof (* eeom))
+ {
+ fprintf (file, _(" Error: The length is less than the length of an EEOM record\n"));
+ return;
+ }
+
fprintf (file, _(" number of cond linkage pairs: %u\n"),
(unsigned)bfd_getl32 (eeom->total_lps));
fprintf (file, _(" completion code: %u\n"),
@@ -5786,6 +5801,12 @@ evax_bfd_print_egsd (FILE *file, unsigned char *rec, unsigned int rec_len)
n, type, len);
n++;
+ if (off + len > rec_len || off + len < off)
+ {
+ fprintf (file, _(" Error: length larger than remaining space in record\n"));
+ return;
+ }
+
switch (type)
{
case EGSD__C_PSC:
@@ -6031,6 +6052,12 @@ evax_bfd_print_etir (FILE *file, const char *name,
size = bfd_getl16 (etir->size);
buf = rec + off + sizeof (struct vms_etir);
+ if (off + size > rec_len || off + size < off)
+ {
+ fprintf (file, _(" Error: length larger than remaining space in record\n"));
+ return;
+ }
+
/* xgettext:c-format */
fprintf (file, _(" (type: %3u, size: 4+%3u): "), type, size - 4);
switch (type)