asan: alpha-vms: null dereference

* vms-alpha.c (dst_restore_location): Validate index into dst_ptr_offsets array before accessing. Return status. (dst_retrieve_location): Similarly, making "loc" parameter a pointer to return value. (_bfd_vms_slurp_etir): Update calls to above functions.
author: Alan Modra <amodra@gmail.com> 2020-03-16 08:44:38 +1030
committer: Alan Modra <amodra@gmail.com> 2020-03-16 10:51:53 +1030
commit: 7bac4137d757be98de8f6f8d8a649f04cacfdd2f (patch)
tree: bfece60e1a1d9995b2343c2f93445558864d8777 /bfd/vms-alpha.c
parent: 6b9374f1e07cb250736815ff8db263199416adc6 (diff)
download: gdb-7bac4137d757be98de8f6f8d8a649f04cacfdd2f.zip
gdb-7bac4137d757be98de8f6f8d8a649f04cacfdd2f.tar.gz
gdb-7bac4137d757be98de8f6f8d8a649f04cacfdd2f.tar.bz2
1 files changed, 29 insertions, 9 deletions
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 241dab3..c08d35d 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -1570,22 +1570,32 @@ dst_define_location (bfd *abfd, unsigned int loc)
 
 /* Restore saved DST location counter from specified index.  */
 
-static void
+static bfd_boolean
 dst_restore_location (bfd *abfd, unsigned int loc)
 {
   vms_debug2 ((4, "dst_restore_location (%d)\n", (int)loc));
 
-  PRIV (image_offset) = PRIV (dst_ptr_offsets)[loc];
+  if (loc < PRIV (dst_ptr_offsets_count))
+    {
+      PRIV (image_offset) = PRIV (dst_ptr_offsets)[loc];
+      return TRUE;
+    }
+  return FALSE;
 }
 
 /* Retrieve saved DST location counter from specified index.  */
 
-static unsigned int
-dst_retrieve_location (bfd *abfd, unsigned int loc)
+static bfd_boolean
+dst_retrieve_location (bfd *abfd, bfd_vma *loc)
 {
-  vms_debug2 ((4, "dst_retrieve_location (%d)\n", (int)loc));
+  vms_debug2 ((4, "dst_retrieve_location (%d)\n", (int) *loc));
 
-  return PRIV (dst_ptr_offsets)[loc];
+  if (*loc < PRIV (dst_ptr_offsets_count))
+    {
+      *loc = PRIV (dst_ptr_offsets)[*loc];
+      return TRUE;
+    }
+  return FALSE;
 }
 
 /* Write multiple bytes to section image.  */
@@ -2326,7 +2336,12 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
 	    return FALSE;
 	  if (rel1 != RELC_NONE)
 	    goto bad_context;
-	  dst_restore_location (abfd, op1);
+	  if (!dst_restore_location (abfd, op1))
+	    {
+	      bfd_set_error (bfd_error_bad_value);
+	      _bfd_error_handler (_("invalid %s"), "ETIR__C_CTL_STLOC");
+	      return FALSE;
+	    }
 	  break;
 
 	  /* Stack defined location: pop index, push location counter from index
@@ -2336,8 +2351,13 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
 	    return FALSE;
 	  if (rel1 != RELC_NONE)
 	    goto bad_context;
-	  if (!_bfd_vms_push (abfd, dst_retrieve_location (abfd, op1),
-			      RELC_NONE))
+	  if (!dst_retrieve_location (abfd, &op1))
+	    {
+	      bfd_set_error (bfd_error_bad_value);
+	      _bfd_error_handler (_("invalid %s"), "ETIR__C_CTL_STKDL");
+	      return FALSE;
+	    }
+	  if (!_bfd_vms_push (abfd, op1, RELC_NONE))
 	    return FALSE;
 	  break;
author	Alan Modra <amodra@gmail.com>	2020-03-16 08:44:38 +1030
committer	Alan Modra <amodra@gmail.com>	2020-03-16 10:51:53 +1030
commit	7bac4137d757be98de8f6f8d8a649f04cacfdd2f (patch)
tree	bfece60e1a1d9995b2343c2f93445558864d8777 /bfd/vms-alpha.c
parent	6b9374f1e07cb250736815ff8db263199416adc6 (diff)
download	gdb-7bac4137d757be98de8f6f8d8a649f04cacfdd2f.zip gdb-7bac4137d757be98de8f6f8d8a649f04cacfdd2f.tar.gz gdb-7bac4137d757be98de8f6f8d8a649f04cacfdd2f.tar.bz2