projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9cb5694)
alpha-vms: prevent endless recursion
authorAlan Modra <amodra@gmail.com>
Sun, 1 Mar 2020 23:40:55 +0000 (10:10 +1030)
committerAlan Modra <amodra@gmail.com>
Mon, 2 Mar 2020 01:06:19 +0000 (11:36 +1030)
* vms-lib.c (vms_traverse_index): Add recur_count param and
update calls.  Fail on excessive recursion.

bfd/ChangeLog patch | blob | history
bfd/vms-lib.c patch | blob | history

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index f57c759c32a3c4b8c26bfb692b96fa4ee3e897cc..d37c2cd98d918877195b086f287058646931acb8 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2020-03-02  Alan Modra  <amodra@gmail.com>
+
+       * vms-lib.c (vms_traverse_index): Add recur_count param and
+       update calls.  Fail on excessive recursion.
+
 2020-03-02  Alan Modra  <amodra@gmail.com>
 
        * vms-alpha.c (vms_get_remaining_object_record): Use
diff --git a/bfd/vms-lib.c b/bfd/vms-lib.c
index 65fd70a720e51c27217b9dbe5186ea78c141e033..66a40bc91ca8bfbb078cb4ffeca57b1f5072e2ab 100644 (file)
--- a/bfd/vms-lib.c
+++ b/bfd/vms-lib.c
@@ -242,7 +242,8 @@ vms_write_block (bfd *abfd, unsigned int vbn, void *blk)
    If the entry is indirect, recurse.  */
 
 static bfd_boolean
-vms_traverse_index (bfd *abfd, unsigned int vbn, struct carsym_mem *cs)
+vms_traverse_index (bfd *abfd, unsigned int vbn, struct carsym_mem *cs,
+                   unsigned int recur_count)
 {
   struct vms_indexdef indexdef;
   file_ptr off;
@@ -250,6 +251,12 @@ vms_traverse_index (bfd *abfd, unsigned int vbn, struct carsym_mem *cs)
   unsigned char *endp;
   unsigned int n;
 
+  if (recur_count == 100)
+    {
+      bfd_set_error (bfd_error_bad_value);
+      return FALSE;
+    }
+
   /* Read the index block.  */
   BFD_ASSERT (sizeof (indexdef) == VMS_BLOCK_SIZE);
   if (!vms_read_block (abfd, vbn, &indexdef))
@@ -307,7 +314,7 @@ vms_traverse_index (bfd *abfd, unsigned int vbn, struct carsym_mem *cs)
       if (idx_off == RFADEF__C_INDEX)
        {
          /* Indirect entry.  Recurse.  */
-         if (!vms_traverse_index (abfd, idx_vbn, cs))
+         if (!vms_traverse_index (abfd, idx_vbn, cs, recur_count + 1))
            return FALSE;
        }
       else
@@ -454,7 +461,7 @@ vms_lib_read_index (bfd *abfd, int idx, unsigned int *nbrel)
 
   /* Note: if the index is empty, there is no block to traverse.  */
   vbn = bfd_getl32 (idd.vbn);
-  if (vbn != 0 && !vms_traverse_index (abfd, vbn, &csm))
+  if (vbn != 0 && !vms_traverse_index (abfd, vbn, &csm, 0))
     {
       if (csm.realloced)
        free (csm.idx);