PR24644, OOM-Bug in _bfd_archive_64_bit_slurp_armap
PR 24644 * archive64.c (_bfd_archive_64_bit_slurp_armap): Properly check for overflow in expressions involving nsymz.
This commit is contained in:
parent
7cd00957a5
commit
97b031c5d6
|
@ -1,3 +1,9 @@
|
|||
2019-08-07 Alan Modra <amodra@gmail.com>
|
||||
|
||||
PR 24644
|
||||
* archive64.c (_bfd_archive_64_bit_slurp_armap): Properly check
|
||||
for overflow in expressions involving nsymz.
|
||||
|
||||
2019-08-01 Ilia Diachkov <ilia.diachkov@optimitech.com>
|
||||
|
||||
* elfnn-riscv.c (_bfd_riscv_relax_lui): Set lui relax safety area to
|
||||
|
|
|
@ -90,7 +90,14 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd)
|
|||
ptrsize = 8 * nsymz;
|
||||
|
||||
amt = carsym_size + stringsize + 1;
|
||||
if (carsym_size < nsymz || ptrsize < nsymz || amt < nsymz)
|
||||
if (/* Catch overflow in stringsize (and ptrsize) expression. */
|
||||
nsymz >= (bfd_size_type) -1 / 8
|
||||
|| stringsize > parsed_size
|
||||
/* Catch overflow in carsym_size expression. */
|
||||
|| nsymz > (bfd_size_type) -1 / sizeof (carsym)
|
||||
/* Catch overflow in amt expression. */
|
||||
|| amt <= carsym_size
|
||||
|| amt <= stringsize)
|
||||
{
|
||||
bfd_set_error (bfd_error_malformed_archive);
|
||||
return FALSE;
|
||||
|
|
Loading…
Reference in New Issue