Sanity check _bfd_coff_read_string_table
* coffgen.c (_bfd_coff_read_string_table): Catch overflows when calculating string table file location.
This commit is contained in:
parent
6329d1e13e
commit
472dd8b357
1 changed files with 12 additions and 3 deletions
|
@ -1662,8 +1662,10 @@ _bfd_coff_read_string_table (bfd *abfd)
|
||||||
char extstrsize[STRING_SIZE_SIZE];
|
char extstrsize[STRING_SIZE_SIZE];
|
||||||
bfd_size_type strsize;
|
bfd_size_type strsize;
|
||||||
char *strings;
|
char *strings;
|
||||||
file_ptr pos;
|
ufile_ptr pos;
|
||||||
ufile_ptr filesize;
|
ufile_ptr filesize;
|
||||||
|
size_t symesz;
|
||||||
|
size_t size;
|
||||||
|
|
||||||
if (obj_coff_strings (abfd) != NULL)
|
if (obj_coff_strings (abfd) != NULL)
|
||||||
return obj_coff_strings (abfd);
|
return obj_coff_strings (abfd);
|
||||||
|
@ -1674,9 +1676,16 @@ _bfd_coff_read_string_table (bfd *abfd)
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
symesz = bfd_coff_symesz (abfd);
|
||||||
pos = obj_sym_filepos (abfd);
|
pos = obj_sym_filepos (abfd);
|
||||||
pos += obj_raw_syment_count (abfd) * bfd_coff_symesz (abfd);
|
if (_bfd_mul_overflow (obj_raw_syment_count (abfd), symesz, &size)
|
||||||
if (bfd_seek (abfd, pos, SEEK_SET) != 0)
|
|| pos + size < pos)
|
||||||
|
{
|
||||||
|
bfd_set_error (bfd_error_file_truncated);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (bfd_seek (abfd, pos + size, SEEK_SET) != 0)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if (bfd_bread (extstrsize, (bfd_size_type) sizeof extstrsize, abfd)
|
if (bfd_bread (extstrsize, (bfd_size_type) sizeof extstrsize, abfd)
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue