author | Alan Modra <amodra@gmail.com> | 2023-03-18 16:34:08 +1030 |
---|---|---|
committer | Alan Modra <amodra@gmail.com> | 2023-03-19 22:19:19 +1030 |
commit | 99b847478c35b64ffddaf7af53c348217d037cb2 (patch) | |
tree | 7a37877fec4a332562f213f37d5618fe8589f878 /bfd | |
parent | 5f51eb9397768a6d93e523e05f5b7e8f78465c71 (diff) | |
XCOFF archive sanity check
XCOFF archive elements are in a linked list. Add a little more sanity
checking. This of course doesn't stop the fuzzers finding a way to
make a loop, but this check is cheap.
* coff-rs6000.c (_bfd_xcoff_openr_next_archived_file): Sanity
check that next element isn't pointing back to the header.
Diffstat (limited to 'bfd')
-rw-r--r-- | bfd/coff-rs6000.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/bfd/coff-rs6000.c b/bfd/coff-rs6000.c
index 4b7b5d3..735d434 100644
--- a/bfd/coff-rs6000.c
+++ b/bfd/coff-rs6000.c
@@ -1714,8 +1714,11 @@ _bfd_xcoff_openr_next_archived_file (bfd *archive, bfd *last_file)
 laststart -= SIZEOF_AR_HDR + arel->extra_size;
 }
 
- /* Sanity check that we aren't pointing into the previous element. */
- if (filestart != 0 && filestart >= laststart && filestart < lastend)
+ /* Sanity check that we aren't pointing into the previous element,
+ or into the header. */
+ if (filestart != 0
+ && (filestart < SIZEOF_AR_FILE_HDR
+ || (filestart >= laststart && filestart < lastend)))
 {
 bfd_set_error (bfd_error_malformed_archive);
 return NULL;
@@ -1747,8 +1750,11 @@ _bfd_xcoff_openr_next_archived_file (bfd *archive, bfd *last_file)
 laststart -= SIZEOF_AR_HDR_BIG + arel->extra_size;
 }
 
- /* Sanity check that we aren't pointing into the previous element. */
- if (filestart != 0 && filestart >= laststart && filestart < lastend)
+ /* Sanity check that we aren't pointing into the previous element
+ or into the header. */
+ if (filestart != 0
+ && (filestart < SIZEOF_AR_FILE_HDR_BIG
+ || (filestart >= laststart && filestart < lastend)))
 {
 bfd_set_error (bfd_error_malformed_archive);
 return NULL; |
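Review bot: The same range test now exists twice, in the small-archive hunk and the big-archive hunk, differing only in `SIZEOF_AR_FILE_HDR` versus `SIZEOF_AR_FILE_HDR_BIG`, and the two comments have already drifted (`element,` in the first, `element` in the second). This condition is the only guard visible here on a next-element offset that presumably comes straight from the archive file, so a single static helper taking the header size would keep both paths in step, for example `if (!xcoff_next_elt_ok (filestart, SIZEOF_AR_FILE_HDR, laststart, lastend))` (the helper name is only a suggestion). The comment could also say exactly what is covered, e.g. `/* Rejects offsets inside the file header or the previous element only; offsets into older elements are not detected here. */`. The body of `_bfd_xcoff_openr_next_archived_file` starts and ends outside both hunks, so any upper-bound handling of `filestart` cannot be judged from this diff.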