author | Alan Modra <amodra@gmail.com> | 2024-09-05 16:14:03 +0930 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2024-09-05 16:14:03 +0930 |
commit | 8a72d8924a57af56778128c8f6f4ef52f08ad77c (patch) | |
tree | 5224cf05be88ade806441e5a1e712e4b7631b4d0 /bfd | |
parent | 43af2e08dc0af7796b557d14f13317c0c24f948a (diff) | |
PR32136, Use-of-uninitialized-memory in evax_bfd_print_image
PR 32136
* vms-alpha.c (evax_bfd_print_image): Sanity check various string
lengths.
Diffstat (limited to 'bfd')
-rw-r--r-- | bfd/vms-alpha.c | 46 |
1 files changed, 31 insertions, 15 deletions
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 6eea61d..df279bc 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -8330,18 +8330,26 @@ evax_bfd_print_image (bfd *abfd, FILE *file)
 }
 /* xgettext:c-format */
 fprintf (file, _("Image identification: (major: %u, minor: %u)\n"),
- (unsigned)bfd_getl32 (eihi.majorid),
- (unsigned)bfd_getl32 (eihi.minorid));
- fprintf (file, _(" image name : %.*s\n"),
- eihi.imgnam[0], eihi.imgnam + 1);
+ (unsigned) bfd_getl32 (eihi.majorid),
+ (unsigned) bfd_getl32 (eihi.minorid));
+ unsigned int nlen = eihi.imgnam[0];
+ if (nlen > sizeof (eihi.imgnam) - 1)
+ nlen = sizeof (eihi.imgnam) - 1;
+ fprintf (file, _(" image name : %.*s\n"), nlen, eihi.imgnam + 1);
 fprintf (file, _(" link time : %s\n"),
 vms_time_to_str (eihi.linktime));
- fprintf (file, _(" image ident : %.*s\n"),
- eihi.imgid[0], eihi.imgid + 1);
- fprintf (file, _(" linker ident : %.*s\n"),
- eihi.linkid[0], eihi.linkid + 1);
- fprintf (file, _(" image build ident: %.*s\n"),
- eihi.imgbid[0], eihi.imgbid + 1);
+ nlen = eihi.imgid[0];
+ if (nlen > sizeof (eihi.imgid) - 1)
+ nlen = sizeof (eihi.imgid) - 1;
+ fprintf (file, _(" image ident : %.*s\n"), nlen, eihi.imgid + 1);
+ nlen = eihi.linkid[0];
+ if (nlen > sizeof (eihi.linkid) - 1)
+ nlen = sizeof (eihi.linkid) - 1;
+ fprintf (file, _(" linker ident : %.*s\n"), nlen, eihi.linkid + 1);
+ nlen = eihi.imgbid[0];
+ if (nlen > sizeof (eihi.imgbid) -1 )
+ nlen = sizeof (eihi.imgbid) - 1;
+ fprintf (file, _(" image build ident: %.*s\n"), nlen, eihi.imgbid + 1);
 }
 if (eihs_off != 0)
 {
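Review bot: The same three-line clamp is written out four times in this hunk (imgnam, imgid, linkid, imgbid) and again for `eisd.gblnam` and `shl->imgnam` in the two later hunks, so six copies have to stay in step; the imgbid copy already differs in spacing (`-1 )`). One helper would tie each bound to its own field, for example `#define COUNTED_LEN(f) ((int) ((f)[0] > sizeof (f) - 1 ? sizeof (f) - 1 : (f)[0]))` (the name is only a suggestion). That also passes `%.*s` the `int` precision it is specified to take, where the new code passes an `unsigned int`. A short comment at the first use, such as `/* Counted string from the file: byte 0 is the length, clamp it to the field.  */`, would record why the length byte is not trusted. evax_bfd_print_image starts and ends outside this hunk.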
@@ -8474,10 +8482,15 @@ evax_bfd_print_image (bfd *abfd, FILE *file)
 }
 fputs (_(")\n"), file);
 if (val & EISD__M_GBL)
- /* xgettext:c-format */
- fprintf (file, _(" ident: 0x%08x, name: %.*s\n"),
- (unsigned)bfd_getl32 (eisd.ident),
- eisd.gblnam[0], eisd.gblnam + 1);
+ {
+ unsigned int nlen = eisd.gblnam[0];
+ if (nlen > sizeof (eisd.gblnam) - 1)
+ nlen = sizeof (eisd.gblnam) - 1;
+ /* xgettext:c-format */
+ fprintf (file, _(" ident: 0x%08x, name: %.*s\n"),
+ (unsigned) bfd_getl32 (eisd.ident),
+ nlen, eisd.gblnam + 1);
+ }
 eisd_off += len;
 }
@@ -8628,11 +8641,14 @@ evax_bfd_print_image (bfd *abfd, FILE *file)
 j++, shlstoff += sizeof (struct vms_shl))
 {
 struct vms_shl *shl = (struct vms_shl *) (buf + shlstoff);
+ unsigned int nlen = shl->imgnam[0];
+ if (nlen > sizeof (shl->imgnam) - 1)
+ nlen = sizeof (shl->imgnam) - 1;
 fprintf (file,
 /* xgettext:c-format */
 _(" %u: size: %u, flags: 0x%02x, name: %.*s\n"),
 j, shl->size, shl->flags,
- shl->imgnam[0], shl->imgnam + 1);
+ nlen, shl->imgnam + 1);
 }
 }
 if (qrelfixoff != 0) |
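Review bot: In the last hunk the clamp keeps the `%.*s` read inside `shl->imgnam`, but `shl` is `buf + shlstoff`, and nothing visible here shows that `shlstoff + sizeof (struct vms_shl)` stays within `buf`; the loop condition is above the hunk. If that bound is not already enforced there, reading `shl->imgnam[0]`, `shl->size` and `shl->flags` would have the same out-of-range problem the clamp is meant to close. It is worth confirming this and recording it next to the loop, e.g. `/* Each struct vms_shl at shlstoff is known to lie inside buf; see the size check above.  */`.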