Fix seg-fault in linker when passed a bogus input script.
authorNick Clifton <nickc@redhat.com>
Mon, 5 Dec 2016 16:00:43 +0000 (16:00 +0000)
committerNick Clifton <nickc@redhat.com>
Mon, 5 Dec 2016 16:00:43 +0000 (16:00 +0000)
PR ld/20906
* ldlex.l: Check for bogus strings in linker scripts.

ld/ChangeLog
ld/ldlex.l

index 3529834b01350f398a681217a7c7e6b91c800825..19e94e9088fc0843fbac41dd7e3846bc5e673f4e 100644 (file)
@@ -1,3 +1,8 @@
+2016-12-05  Nick Clifton  <nickc@redhat.com>
+
+       PR ld/20906
+       * ldlex.l: Check for bogus strings in linker scripts.
+
 2016-12-05  Alyssa Milburn <amilburn@zall.org>
 
        * testsuite/ld-sparc/wdispcall.s: New file.
index e1394a035762d7767a78c4f2eea17928a6839060..cd21c58e3dd852f81a7b21a83ba1286e4b38287b 100644 (file)
@@ -415,9 +415,15 @@ V_IDENTIFIER [*?.$_a-zA-Z\[\]\-\!\^\\]([*?.$_a-zA-Z0-9\[\]\-\!\^\\]|::)*
 
 <EXPRESSION,BOTH,SCRIPT,VERS_NODE,INPUTLIST>"\""[^\"]*"\"" {
                                        /* No matter the state, quotes
-                                          give what's inside */
+                                          give what's inside.  */
+                                       bfd_size_type len;
                                        yylval.name = xstrdup (yytext + 1);
-                                       yylval.name[yyleng - 2] = 0;
+                                       /* PR ld/20906.  A corrupt input file
+                                          can contain bogus strings.  */
+                                       len = strlen (yylval.name);
+                                       if (len > yyleng - 2)
+                                         len = yyleng - 2;
+                                       yylval.name[len] = 0;
                                        return NAME;
                                }
 <BOTH,SCRIPT,EXPRESSION>"\n"           { lineno++;}