OpenE2K
/
binutils-gdb
12
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix access violation disassembling a corrupt VMS binary. 

PR binutils/21611
	* vms-alpha.c (_bfd_vms_slurp_eihs): Check for invalid offset
	before reading the EIHS structure entries.
This commit is contained in:
Nick Clifton 2017-06-19 13:01:57 +01:00
parent 16b7a71998
commit 80053e466b
2 changed files with 28 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bfd/ChangeLog
View File

@ -1,6 +1,12 @@
2017-06-19 Nick Clifton <nickc@redhat.com>
PR 21615
PR binutils/21611
* vms-alpha.c (_bfd_vms_slurp_eihs): Check for invalid offset
before reading the EIHS structure entries.
2017-06-19 Nick Clifton <nickc@redhat.com>
PR binutils/21615
* vms-alpha.c (_bfd_vms_slurp_egsd): Use unsigned int for
gsd_size. Check that there are enough bytes remaining to read the
type and size of the next egsd. Check that the size of the egsd

27
bfd/vms-alpha.c
View File

@ -622,14 +622,29 @@ static bfd_boolean
_bfd_vms_slurp_eihs (bfd *abfd, unsigned int offset)
{
unsigned char *p = PRIV (recrd.rec) + offset;
unsigned int gstvbn = bfd_getl32 (p + EIHS__L_GSTVBN);
unsigned int gstsize ATTRIBUTE_UNUSED = bfd_getl32 (p + EIHS__L_GSTSIZE);
unsigned int dstvbn = bfd_getl32 (p + EIHS__L_DSTVBN);
unsigned int dstsize = bfd_getl32 (p + EIHS__L_DSTSIZE);
unsigned int dmtvbn = bfd_getl32 (p + EIHS__L_DMTVBN);
unsigned int dmtbytes = bfd_getl32 (p + EIHS__L_DMTBYTES);
unsigned int gstvbn;
unsigned int gstsize ATTRIBUTE_UNUSED;
unsigned int dstvbn;
unsigned int dstsize;
unsigned int dmtvbn;
unsigned int dmtbytes;
asection *section;
/* PR 21611: Check that offset is valid. */
if (offset > PRIV (recrd.rec_size) - (EIHS__L_DMTBYTES + 4))
{
_bfd_error_handler (_("Unable to read EIHS record at offset %#x"), offset);
bfd_set_error (bfd_error_file_truncated);
return FALSE;
}
gstvbn = bfd_getl32 (p + EIHS__L_GSTVBN);
gstsize = bfd_getl32 (p + EIHS__L_GSTSIZE);
dstvbn = bfd_getl32 (p + EIHS__L_DSTVBN);
dstsize = bfd_getl32 (p + EIHS__L_DSTSIZE);
dmtvbn = bfd_getl32 (p + EIHS__L_DMTVBN);
dmtbytes = bfd_getl32 (p + EIHS__L_DMTBYTES);
#if VMS_DEBUG
vms_debug (8, "_bfd_vms_slurp_ihs\n");
vms_debug (4, "EIHS record gstvbn %d gstsize %d dstvbn %d dstsize %d dmtvbn %d dmtbytes %d\n",