XCOFF uninitialized read

* coff-rs6000.c (_bfd_xcoff_slurp_armap): Ensure size is large enough to read number of symbols.
2020-03-20 10:57:38 +10:30 · 2020-03-20 10:57:38 +10:30 · 67338173a4
parent 340f3ac808
commit 67338173a4
2 changed files with 9 additions and 4 deletions
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@ -1,3 +1,8 @@
+2020-03-20  Alan Modra  <amodra@gmail.com>
+
+	* coff-rs6000.c (_bfd_xcoff_slurp_armap): Ensure size is large
+	enough to read number of symbols.
+
 2020-03-20  Alan Modra  <amodra@gmail.com>

 	* elf.c (_bfd_elf_setup_sections): Don't test known non-NULL
--- a/bfd/coff-rs6000.c
+++ b/bfd/coff-rs6000.c
@ -1260,9 +1260,9 @@ _bfd_xcoff_slurp_armap (bfd *abfd)
 	return FALSE;

      GET_VALUE_IN_FIELD (sz, hdr.size, 10);
-      if (sz == (bfd_size_type) -1)
+      if (sz + 1 < 5)
 	{
-	  bfd_set_error (bfd_error_no_memory);
+	  bfd_set_error (bfd_error_bad_value);
 	  return FALSE;
 	}

@ -1322,9 +1322,9 @@ _bfd_xcoff_slurp_armap (bfd *abfd)
 	return FALSE;

      GET_VALUE_IN_FIELD (sz, hdr.size, 10);
-      if (sz == (bfd_size_type) -1)
+      if (sz + 1 < 9)
 	{
-	  bfd_set_error (bfd_error_no_memory);
+	  bfd_set_error (bfd_error_bad_value);
 	  return FALSE;
 	}