readelf: catch archive_file_size of -1
authorAlan Modra <amodra@gmail.com>
Fri, 30 Jul 2021 03:37:12 +0000 (13:07 +0930)
committerAlan Modra <amodra@gmail.com>
Fri, 30 Jul 2021 06:03:07 +0000 (15:33 +0930)
Fuzzers might put -1 in arhdr.ar_size.  If the size is rounded up to
an even number of bytes we get zero.

* readelf.c (process_archive): Don't round up archive_file_size.
Do round up next_arhdr_offset calculation.

binutils/readelf.c

index 5682837ed7b38df440dfaa8c6e13c21d61ebed8e..bd16fcc77add1d758e0e9050e5cfaab7060a4511 100644 (file)
@@ -21789,8 +21789,6 @@ process_archive (Filedata * filedata, bool is_thin_archive)
       arch.next_arhdr_offset += sizeof arch.arhdr;
 
       filedata->archive_file_size = strtoul (arch.arhdr.ar_size, NULL, 10);
-      if (filedata->archive_file_size & 01)
-       ++filedata->archive_file_size;
 
       name = get_archive_member_name (&arch, &nested_arch);
       if (name == NULL)
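Review bot: The `strtoul (arch.arhdr.ar_size, NULL, 10)` call at the top of this hunk passes a NULL end pointer and, in the visible lines, never inspects errno, so an ar_size field of "-1" or an overlong digit string silently becomes ULONG_MAX instead of being rejected, and with the rounding removed that value now reaches process_object unchanged. The commit deliberately relies on the wrap check later in process_archive to stop the loop in that case, and that reliance deserves a comment at the call site so the next reader does not "fix" it by re-adding the rounding, e.g. `/* A negative or overlong ar_size parses to ULONG_MAX; the next_arhdr_offset wrap check below stops the loop in that case.  */`. process_archive starts before this hunk and continues after it.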
@@ -21894,7 +21892,7 @@ process_archive (Filedata * filedata, bool is_thin_archive)
          filedata->file_name = qualified_name;
          if (! process_object (filedata))
            ret = false;
-         arch.next_arhdr_offset += filedata->archive_file_size;
+         arch.next_arhdr_offset += (filedata->archive_file_size + 1) & -2;
          /* Stop looping with "negative" archive_file_size.  */
          if (arch.next_arhdr_offset < filedata->archive_file_size)
            arch.next_arhdr_offset = -1ul;
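Review bot: The new rounding expression `(filedata->archive_file_size + 1) & -2` leans on the implicit conversion of the negative int literal `-2` to the field's unsigned type, which is well defined but reads like a signed operation; `arch.next_arhdr_offset += (filedata->archive_file_size + 1) & ~1ul;` states the intent directly, assuming archive_file_size is unsigned long as the strtoul assignment and the `-1ul` sentinel suggest. When archive_file_size is ULONG_MAX (the fuzzer case from the description) the rounded increment is 0, so the loop terminates only because the `next_arhdr_offset < archive_file_size` comparison on the following line fires; that dependency is worth recording in the existing comment, e.g. `/* Stop looping with "negative" archive_file_size; a -1 size rounds to a zero increment and is caught here too.  */`. process_archive starts before this hunk.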