aboutsummaryrefslogtreecommitdiff
path: root/bfd
diff options
context:
space:
mode:
authorAlan Modra <amodra@gmail.com>2007-07-26 12:34:43 +0000
committerAlan Modra <amodra@gmail.com>2007-07-26 12:34:43 +0000
commite62071b60e0a89780a5b3a153365805346b38614 (patch)
treead66168f0786a49eaa37d51dc4c39a3c09439952 /bfd
parentb9da616afe44eb7d00a669dad47bc6860e9b23d3 (diff)
downloadgdb-e62071b60e0a89780a5b3a153365805346b38614.zip
gdb-e62071b60e0a89780a5b3a153365805346b38614.tar.gz
gdb-e62071b60e0a89780a5b3a153365805346b38614.tar.bz2
* srec.c (srec_get_section_contents): Return immediately on
count zero. Check that offset and count are within section. * libbfd.c (_bfd_generic_get_section_contents): Check that offset + count does not overflow.
Diffstat (limited to 'bfd')
-rw-r--r--bfd/ChangeLog5
-rw-r--r--bfd/libbfd.c3
-rw-r--r--bfd/srec.c12
3 files changed, 18 insertions, 2 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 9bef708..19a7c49 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,10 @@
2007-07-26 Alan Modra <amodra@bigpond.net.au>
+ * srec.c (srec_get_section_contents): Return immediately on
+ count zero. Check that offset and count are within section.
+ * libbfd.c (_bfd_generic_get_section_contents): Check that
+ offset + count does not overflow.
+
* srec.c (srec_canonicalize_symtab): Don't alloc when symcount
is zero. Correct return value on error.
* mmo.c (mmo_canonicalize_symtab): Likewise.
diff --git a/bfd/libbfd.c b/bfd/libbfd.c
index 33d9c01..bf49a2e 100644
--- a/bfd/libbfd.c
+++ b/bfd/libbfd.c
@@ -820,7 +820,8 @@ _bfd_generic_get_section_contents (bfd *abfd,
return TRUE;
sz = section->rawsize ? section->rawsize : section->size;
- if (offset + count > sz)
+ if (offset + count < count
+ || offset + count > sz)
{
bfd_set_error (bfd_error_invalid_operation);
return FALSE;
diff --git a/bfd/srec.c b/bfd/srec.c
index a5f588c..ebb039b 100644
--- a/bfd/srec.c
+++ b/bfd/srec.c
@@ -781,10 +781,20 @@ srec_get_section_contents (bfd *abfd,
file_ptr offset,
bfd_size_type count)
{
+ if (count == 0)
+ return TRUE;
+
+ if (offset + count < count
+ || offset + count > section->size)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+ }
+
if (section->used_by_bfd == NULL)
{
section->used_by_bfd = bfd_alloc (abfd, section->size);
- if (section->used_by_bfd == NULL && section->size != 0)
+ if (section->used_by_bfd == NULL)
return FALSE;
if (! srec_read_section (abfd, section, section->used_by_bfd))