aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--bfd/ChangeLog5
-rw-r--r--bfd/archive64.c12
2 files changed, 11 insertions, 6 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index d73bb94..41b6cb9 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2010-06-23 Nathan Sidwell <nathan@codesourcery.com>
+
+ * archive64.c (bfd_elf64_archive_write_armap): Fix buffer overrun
+ when scaning map.
+
2010-06-17 Tristan Gingold <gingold@adacore.com>
* Makefile.am (BFD32_BACKENDS_CFILES): Move vms-alpha.c to ...
diff --git a/bfd/archive64.c b/bfd/archive64.c
index 067fbb9..bbc4c3f 100644
--- a/bfd/archive64.c
+++ b/bfd/archive64.c
@@ -194,27 +194,27 @@ bfd_elf64_archive_write_armap (bfd *arch,
/* Write out the file offset for the file associated with each
symbol, and remember to keep the offsets padded out. */
-
- current = arch->archive_head;
count = 0;
- while (current != NULL && count < symbol_count)
+ for (current = arch->archive_head;
+ current != NULL && count < symbol_count;
+ current = current->archive_next)
{
/* For each symbol which is used defined in this object, write out
the object file's address in the archive */
- while (map[count].u.abfd == current)
+ for (;
+ count < symbol_count && map[count].u.abfd == current;
+ count++)
{
bfd_putb64 ((bfd_vma) archive_member_file_ptr, buf);
if (bfd_bwrite (buf, 8, arch) != 8)
return FALSE;
- count++;
}
/* Add size of this archive entry */
archive_member_file_ptr += (arelt_size (current)
+ sizeof (struct ar_hdr));
/* remember about the even alignment */
archive_member_file_ptr += archive_member_file_ptr % 2;
- current = current->archive_next;
}
/* now write the strings themselves */