char *
adjust_relative_path (const char *file_name, const char *name,
- int name_len)
+ unsigned long name_len)
{
char * member_file_name;
const char * base_name = lbasename (file_name);
+ size_t amt;
/* This is a proxy entry for a thin archive member.
If the extended name table contains an absolute path
archive is located. */
if (IS_ABSOLUTE_PATH (name) || base_name == file_name)
{
- member_file_name = (char *) malloc (name_len + 1);
+ amt = name_len + 1;
+ if (amt == 0)
+ return NULL;
+ member_file_name = (char *) malloc (amt);
if (member_file_name == NULL)
{
error (_("Out of memory\n"));
/* Concatenate the path components of the archive file name
to the relative path name from the extended name table. */
size_t prefix_len = base_name - file_name;
- member_file_name = (char *) malloc (prefix_len + name_len + 1);
+
+ amt = prefix_len + name_len + 1;
+ /* PR 17531: file: 2896dc8b
+ Catch wraparound. */
+ if (amt < prefix_len || amt < name_len)
+ {
+ error (_("Abnormal length of thin archive member name: %lx\n"),
+ name_len);
+ return NULL;
+ }
+
+ member_file_name = (char *) malloc (amt);
if (member_file_name == NULL)
{
error (_("Out of memory\n"));
unsigned long size;
size = strtoul (arch->arhdr.ar_size, NULL, 10);
+ /* PR 17531: file: 912bd7de. */
+ if ((signed long) size < 0)
+ {
+ error (_("%s: invalid archive header size: %ld\n"),
+ arch->file_name, size);
+ return FALSE;
+ }
+
size = size + (size & 1);
arch->next_arhdr_offset += sizeof arch->arhdr + size;
{
/* This is the archive string table holding long member names. */
arch->longnames_size = strtoul (arch->arhdr.ar_size, NULL, 10);
+ /* PR 17531: file: 01068045. */
+ if (arch->longnames_size < 8)
+ {
+ error (_("%s: long name table is too small, (size = %ld)\n"),
+ file_name, arch->longnames_size);
+ return 1;
+ }
arch->next_arhdr_offset += sizeof arch->arhdr + arch->longnames_size;
- arch->longnames = (char *) malloc (arch->longnames_size);
+ /* Plus one to allow for a string terminator. */
+ arch->longnames = (char *) malloc (arch->longnames_size + 1);
if (arch->longnames == NULL)
{
error (_("Out of memory reading long symbol names in archive\n"));
if (arch->is_thin_archive && endp != NULL && * endp == ':')
arch->nested_member_origin = strtoul (endp + 1, NULL, 10);
+ if (j > arch->longnames_size)
+ {
+ error (_("Found long name index (%ld) beyond end of long name table\n"),j);
+ return NULL;
+ }
while ((j < arch->longnames_size)
&& (arch->longnames[j] != '\n')
&& (arch->longnames[j] != '\0'))
j++;
- if (arch->longnames[j-1] == '/')
+ if (j > 0 && arch->longnames[j-1] == '/')
j--;
+ if (j > arch->longnames_size)
+ j = arch->longnames_size;
arch->longnames[j] = '\0';
if (!arch->is_thin_archive || arch->nested_member_origin == 0)
return arch->longnames + k;
+ /* PR 17531: file: 2896dc8b. */
+ if (k >= j)
+ {
+ error (_("Invalid Thin archive member name\n"));
+ return NULL;
+ }
+
/* This is a proxy for a member of a nested archive.
Find the name of the member in that archive. */
member_file_name = adjust_relative_path (arch->file_name,
error (_("%s: unable to dump the index as none was found\n"), file_name);
else
{
- unsigned int i, l;
+ unsigned long i, l;
unsigned long current_pos;
- printf (_("Index of archive %s: (%ld entries, 0x%lx bytes in the symbol table)\n"),
- file_name, (long) arch.index_num, arch.sym_size);
+ printf (_("Index of archive %s: (%lu entries, 0x%lx bytes in the symbol table)\n"),
+ file_name, (unsigned long) arch.index_num, arch.sym_size);
current_pos = ftell (file);
for (i = l = 0; i < arch.index_num; i++)
file_name);
break;
}
- printf ("\t%s\n", arch.sym_table + l);
- l += strlen (arch.sym_table + l) + 1;
+ /* PR 17531: file: 0b6630b2. */
+ printf ("\t%.*s\n", (int) (arch.sym_size - l), arch.sym_table + l);
+ l += strnlen (arch.sym_table + l, arch.sym_size - l) + 1;
}
if (arch.uses_64bit_indicies)
projects / binutils-gdb.git / commitdiff