FreeChainXenon/binutils-gdb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

readelf: catch archive_file_size of -1

Browse source 
Fuzzers might put -1 in arhdr.ar_size.  If the size is rounded up to
and even number of bytes we get zero.

	* readelf.c (process_archive): Don't round up archive_file_size.
	Do round up next_arhdr_offset calculation.
This commit is contained in:
Alan Modra 2021-07-30 13:07:12 +09:30
parent 5cfe19e51e
commit 237877b818
1 changed files with 1 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
binutils/readelf.c
View file

@ -21789,8 +21789,6 @@ process_archive (Filedata * filedata, bool is_thin_archive)
arch.next_arhdr_offset += sizeof arch.arhdr;
filedata->archive_file_size = strtoul (arch.arhdr.ar_size, NULL, 10);
if (filedata->archive_file_size & 01)
++filedata->archive_file_size;
name = get_archive_member_name (&arch, &nested_arch);
if (name == NULL)
@ -21894,7 +21892,7 @@ process_archive (Filedata * filedata, bool is_thin_archive)
filedata->file_name = qualified_name;
if (! process_object (filedata))
ret = false;
arch.next_arhdr_offset += filedata->archive_file_size;
arch.next_arhdr_offset += (filedata->archive_file_size + 1) & -2;
/* Stop looping with "negative" archive_file_size. */
if (arch.next_arhdr_offset < filedata->archive_file_size)
arch.next_arhdr_offset = -1ul;