+2015-11-18 Alan Modra <amodra@gmail.com>
+
+ PR 19256
+ * archive.c (bfd_generic_openr_next_archived_file): Don't allow
+ backward file movement via "negative" sizes.
+ * coff-alpha.c (alpha_ecoff_openr_next_archived_file): Likewise.
+
2015-11-18 Tristan Gingold <gingold@adacore.com>
* mach-o.h (struct mach_o_data_struct): Add hdr_offset field.
bfd *
bfd_generic_openr_next_archived_file (bfd *archive, bfd *last_file)
{
- file_ptr filestart;
+ ufile_ptr filestart;
if (!last_file)
filestart = bfd_ardata (archive)->first_file_filepos;
else
{
- bfd_size_type size = arelt_size (last_file);
-
filestart = last_file->proxy_origin;
if (! bfd_is_thin_archive (archive))
- filestart += size;
- /* Pad to an even boundary...
- Note that last_file->origin can be odd in the case of
- BSD-4.4-style element with a long odd size. */
- filestart += filestart % 2;
+ {
+ bfd_size_type size = arelt_size (last_file);
+
+ filestart += size;
+ /* Pad to an even boundary...
+ Note that last_file->origin can be odd in the case of
+ BSD-4.4-style element with a long odd size. */
+ filestart += filestart % 2;
+ if (filestart <= last_file->proxy_origin)
+ {
+ /* Prevent looping. See PR19256. */
+ bfd_set_error (bfd_error_malformed_archive);
+ return NULL;
+ }
+ }
}
return _bfd_get_elt_at_filepos (archive, filestart);
static bfd *
alpha_ecoff_openr_next_archived_file (bfd *archive, bfd *last_file)
{
- file_ptr filestart;
+ ufile_ptr filestart;
if (last_file == NULL)
filestart = bfd_ardata (archive)->first_file_filepos;
BSD-4.4-style element with a long odd size. */
filestart = last_file->proxy_origin + size;
filestart += filestart % 2;
+ if (filestart <= last_file->proxy_origin)
+ {
+ /* Prevent looping. See PR19256. */
+ bfd_set_error (bfd_error_malformed_archive);
+ return NULL;
+ }
}
return alpha_ecoff_get_elt_at_filepos (archive, filestart);
projects / binutils-gdb.git / commitdiff