Fix address violation parsing a corrupt texhex format file.

author Nick Clifton <nickc@redhat.com>

Mon, 26 Jun 2017 14:46:34 +0000 (15:46 +0100)

committer Nick Clifton <nickc@redhat.com>

Mon, 26 Jun 2017 14:46:34 +0000 (15:46 +0100)
author Nick Clifton <nickc@redhat.com>
Mon, 26 Jun 2017 14:46:34 +0000 (15:46 +0100)
committer Nick Clifton <nickc@redhat.com>
Mon, 26 Jun 2017 14:46:34 +0000 (15:46 +0100)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index 8a4352f4944d25045b14e127d3312479ca836f87..6cf71c32a2fab965b8955ced520ddfadc21fb6ff 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-06-26  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21670
+       * tekhex.c (getvalue): Check for the source pointer exceeding the
+       end pointer before the first byte is read.
+
  2017-06-26  Nick Clifton  <nickc@redhat.com>
  
         PR binutils/21665
diff --git a/bfd/tekhex.c b/bfd/tekhex.c

index 214b54a8177b8f70ad6b38d75f0899a209a0eead..cfa75d53c87233fb81672a2f9f3142eeafa93a24 100644 (file)
--- a/bfd/tekhex.c
+++ b/bfd/tekhex.c
@@ -273,6 +273,9 @@ getvalue (char **srcp, bfd_vma *valuep, char * endp)
    bfd_vma value = 0;
    unsigned int len;
  
+  if (src >= endp)
+    return FALSE;
+
    if (!ISHEX (*src))
      return FALSE;
  
@@ -514,9 +517,10 @@ pass_over (bfd *abfd, bfd_boolean (*func) (bfd *, int, char *, char *))
    /* To the front of the file.  */
    if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0)
      return FALSE;
+
    while (! is_eof)
      {
-      char src[MAXCHUNK];
+      static char src[MAXCHUNK];
        char type;
  
        /* Find first '%'.  */
author	Nick Clifton <nickc@redhat.com>
	Mon, 26 Jun 2017 14:46:34 +0000 (15:46 +0100)
committer	Nick Clifton <nickc@redhat.com>
	Mon, 26 Jun 2017 14:46:34 +0000 (15:46 +0100)
bfd/ChangeLog		patch \| blob \| history
bfd/tekhex.c		patch \| blob \| history