diff options
author | Alan Modra <amodra@gmail.com> | 2007-07-26 12:34:43 +0000 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2007-07-26 12:34:43 +0000 |
commit | e62071b60e0a89780a5b3a153365805346b38614 (patch) | |
tree | ad66168f0786a49eaa37d51dc4c39a3c09439952 /bfd | |
parent | b9da616afe44eb7d00a669dad47bc6860e9b23d3 (diff) | |
download | gdb-e62071b60e0a89780a5b3a153365805346b38614.zip gdb-e62071b60e0a89780a5b3a153365805346b38614.tar.gz gdb-e62071b60e0a89780a5b3a153365805346b38614.tar.bz2 |
* srec.c (srec_get_section_contents): Return immediately on
count zero. Check that offset and count are within section.
* libbfd.c (_bfd_generic_get_section_contents): Check that
offset + count does not overflow.
Diffstat (limited to 'bfd')
-rw-r--r-- | bfd/ChangeLog | 5 | ||||
-rw-r--r-- | bfd/libbfd.c | 3 | ||||
-rw-r--r-- | bfd/srec.c | 12 |
3 files changed, 18 insertions, 2 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 9bef708..19a7c49 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,5 +1,10 @@ 2007-07-26 Alan Modra <amodra@bigpond.net.au> + * srec.c (srec_get_section_contents): Return immediately on + count zero. Check that offset and count are within section. + * libbfd.c (_bfd_generic_get_section_contents): Check that + offset + count does not overflow. + * srec.c (srec_canonicalize_symtab): Don't alloc when symcount is zero. Correct return value on error. * mmo.c (mmo_canonicalize_symtab): Likewise. diff --git a/bfd/libbfd.c b/bfd/libbfd.c index 33d9c01..bf49a2e 100644 --- a/bfd/libbfd.c +++ b/bfd/libbfd.c @@ -820,7 +820,8 @@ _bfd_generic_get_section_contents (bfd *abfd, return TRUE; sz = section->rawsize ? section->rawsize : section->size; - if (offset + count > sz) + if (offset + count < count + || offset + count > sz) { bfd_set_error (bfd_error_invalid_operation); return FALSE; @@ -781,10 +781,20 @@ srec_get_section_contents (bfd *abfd, file_ptr offset, bfd_size_type count) { + if (count == 0) + return TRUE; + + if (offset + count < count + || offset + count > section->size) + { + bfd_set_error (bfd_error_invalid_operation); + return FALSE; + } + if (section->used_by_bfd == NULL) { section->used_by_bfd = bfd_alloc (abfd, section->size); - if (section->used_by_bfd == NULL && section->size != 0) + if (section->used_by_bfd == NULL) return FALSE; if (! srec_read_section (abfd, section, section->used_by_bfd)) |