diff options
Diffstat (limited to 'bfd/ecoff.c')
-rw-r--r-- | bfd/ecoff.c | 65 |
1 files changed, 42 insertions, 23 deletions
diff --git a/bfd/ecoff.c b/bfd/ecoff.c index e8ccbd4..15c18ac 100644 --- a/bfd/ecoff.c +++ b/bfd/ecoff.c @@ -514,6 +514,7 @@ _bfd_ecoff_slurp_symbolic_info (bfd *abfd, bfd_size_type raw_end; bfd_size_type cb_end; file_ptr pos; + size_t amt; BFD_ASSERT (debug == &ecoff_data (abfd)->debug_info); @@ -615,8 +616,13 @@ _bfd_ecoff_slurp_symbolic_info (bfd *abfd, We need to look at the fdr to deal with a lot of information in the symbols, so we swap them here. */ - debug->fdr = (FDR *) bfd_alloc2 (abfd, internal_symhdr->ifdMax, - sizeof (struct fdr)); + if (_bfd_mul_overflow ((unsigned long) internal_symhdr->ifdMax, + sizeof (struct fdr), &amt)) + { + bfd_set_error (bfd_error_file_too_big); + return FALSE; + } + debug->fdr = (FDR *) bfd_alloc (abfd, amt); if (debug->fdr == NULL) return FALSE; external_fdr_size = backend->debug_swap.external_fdr_size; @@ -872,6 +878,7 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) char *eraw_end; FDR *fdr_ptr; FDR *fdr_end; + size_t amt; /* If we've already read in the symbol table, do nothing. */ if (ecoff_data (abfd)->canonical_symbols != NULL) @@ -884,8 +891,13 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) if (bfd_get_symcount (abfd) == 0) return TRUE; - internal = (ecoff_symbol_type *) bfd_alloc2 (abfd, bfd_get_symcount (abfd), - sizeof (ecoff_symbol_type)); + if (_bfd_mul_overflow (bfd_get_symcount (abfd), + sizeof (ecoff_symbol_type), &amt)) + { + bfd_set_error (bfd_error_file_too_big); + return FALSE; + } + internal = (ecoff_symbol_type *) bfd_alloc (abfd, amt); if (internal == NULL) return FALSE; @@ -3745,25 +3757,32 @@ ecoff_final_link_debug_accumulate (bfd *output_bfd, HDRR *symhdr = &debug->symbolic_header; bfd_boolean ret; -#define READ(ptr, offset, count, size, type) \ - if (symhdr->count == 0) \ - debug->ptr = NULL; \ - else \ - { \ - bfd_size_type amt = (bfd_size_type) size * symhdr->count; \ - debug->ptr = (type) bfd_malloc (amt); \ - if (debug->ptr == NULL) \ - { \ - ret = FALSE; \ - goto return_something; \ - } \ - if (bfd_seek (input_bfd, (file_ptr) symhdr->offset, SEEK_SET) != 0 \ - || bfd_bread (debug->ptr, amt, input_bfd) != amt) \ - { \ - ret = FALSE; \ - goto return_something; \ - } \ - } +#define READ(ptr, offset, count, size, type) \ + do \ + { \ + size_t amt; \ + debug->ptr = NULL; \ + if (symhdr->count == 0) \ + break; \ + if (_bfd_mul_overflow (size, symhdr->count, &amt)) \ + { \ + bfd_set_error (bfd_error_file_too_big); \ + ret = FALSE; \ + goto return_something; \ + } \ + debug->ptr = (type) bfd_malloc (amt); \ + if (debug->ptr == NULL) \ + { \ + ret = FALSE; \ + goto return_something; \ + } \ + if (bfd_seek (input_bfd, symhdr->offset, SEEK_SET) != 0 \ + || bfd_bread (debug->ptr, amt, input_bfd) != amt) \ + { \ + ret = FALSE; \ + goto return_something; \ + } \ + } while (0) /* If raw_syments is not NULL, then the data was already by read by _bfd_ecoff_slurp_symbolic_info. */ |