FreeChainXenon/binutils-gdb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Sanity check _bfd_coff_read_string_table

Browse source 
* coffgen.c (_bfd_coff_read_string_table): Catch overflows
	when calculating string table file location.
This commit is contained in:
Alan Modra 2021-07-30 12:56:22 +09:30
parent 6329d1e13e
commit 472dd8b357
1 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

15
bfd/coffgen.c
View file

@ -1662,8 +1662,10 @@ _bfd_coff_read_string_table (bfd *abfd)
char extstrsize[STRING_SIZE_SIZE]; char extstrsize[STRING_SIZE_SIZE];
bfd_size_type strsize; bfd_size_type strsize;
char *strings; char *strings;
file_ptr pos; ufile_ptr pos;
ufile_ptr filesize; ufile_ptr filesize;
size_t symesz;
size_t size;
if (obj_coff_strings (abfd) != NULL) if (obj_coff_strings (abfd) != NULL)
return obj_coff_strings (abfd); return obj_coff_strings (abfd);
@ -1674,9 +1676,16 @@ _bfd_coff_read_string_table (bfd *abfd)
return NULL; return NULL;
} }
symesz = bfd_coff_symesz (abfd);
pos = obj_sym_filepos (abfd); pos = obj_sym_filepos (abfd);
pos += obj_raw_syment_count (abfd) * bfd_coff_symesz (abfd); if (_bfd_mul_overflow (obj_raw_syment_count (abfd), symesz, &size)
if (bfd_seek (abfd, pos, SEEK_SET) != 0) || pos + size < pos)
{
bfd_set_error (bfd_error_file_truncated);
return NULL;
}
if (bfd_seek (abfd, pos + size, SEEK_SET) != 0)
return NULL; return NULL;
if (bfd_bread (extstrsize, (bfd_size_type) sizeof extstrsize, abfd) if (bfd_bread (extstrsize, (bfd_size_type) sizeof extstrsize, abfd)