+2020-03-24 Alan Modra <amodra@gmail.com>
+
+ * archive.c (_bfd_generic_read_ar_hdr_mag): Sanity check extended
+ name size. Use bfd_malloc rather than bfd_zmalloc, clearing just
+ struct areltdata.
+
2020-03-23 Sebastian Huber <sebastian.huber@embedded-brains.de>
* elflink.c (_bfd_elf_tls_setup): Mention .tdata in comment.
bfd_size_type parsed_size;
struct areltdata *ared;
char *filename = NULL;
+ ufile_ptr filesize;
bfd_size_type namelen = 0;
bfd_size_type allocsize = sizeof (struct areltdata) + sizeof (struct ar_hdr);
char *allocptr = 0;
{
/* BSD-4.4 extended name */
namelen = atoi (&hdr.ar_name[3]);
+ filesize = bfd_get_file_size (abfd);
+ if (namelen > parsed_size
+ || namelen > -allocsize - 2
+ || (filesize != 0 && namelen > filesize))
+ {
+ bfd_set_error (bfd_error_malformed_archive);
+ return NULL;
+ }
allocsize += namelen + 1;
parsed_size -= namelen;
extra_size = namelen;
- allocptr = (char *) bfd_zmalloc (allocsize);
+ allocptr = (char *) bfd_malloc (allocsize);
if (allocptr == NULL)
return NULL;
filename = (allocptr
if (!allocptr)
{
- allocptr = (char *) bfd_zmalloc (allocsize);
+ allocptr = (char *) bfd_malloc (allocsize);
if (allocptr == NULL)
return NULL;
}
+ memset (allocptr, 0, sizeof (struct areltdata));
ared = (struct areltdata *) allocptr;
-
ared->arch_header = allocptr + sizeof (struct areltdata);
memcpy (ared->arch_header, &hdr, sizeof (struct ar_hdr));
ared->parsed_size = parsed_size;
projects / binutils-gdb.git / commitdiff