XCOFF uninitialized read

author Alan Modra <amodra@gmail.com>

Fri, 20 Mar 2020 00:27:38 +0000 (10:57 +1030)

committer Alan Modra <amodra@gmail.com>

Fri, 20 Mar 2020 02:05:51 +0000 (12:35 +1030)
author Alan Modra <amodra@gmail.com>
Fri, 20 Mar 2020 00:27:38 +0000 (10:57 +1030)
committer Alan Modra <amodra@gmail.com>
Fri, 20 Mar 2020 02:05:51 +0000 (12:35 +1030)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index 6c2e26d24ef118b2324a96fefe5e4c43d0f60ded..e04f008779319e3fde07e6ab25488c20f76e8825 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2020-03-20  Alan Modra  <amodra@gmail.com>
+
+       * coff-rs6000.c (_bfd_xcoff_slurp_armap): Ensure size is large
+       enough to read number of symbols.
+
  2020-03-20  Alan Modra  <amodra@gmail.com>
  
         * elf.c (_bfd_elf_setup_sections): Don't test known non-NULL
diff --git a/bfd/coff-rs6000.c b/bfd/coff-rs6000.c

index 2dd68e08c3b8a3c0832798f9e56ab827740fd1a0..bf87596a4fe6da609c3a66f65d49e4063173ce3c 100644 (file)
--- a/bfd/coff-rs6000.c
+++ b/bfd/coff-rs6000.c
@@ -1260,9 +1260,9 @@ _bfd_xcoff_slurp_armap (bfd *abfd)
         return FALSE;
  
        GET_VALUE_IN_FIELD (sz, hdr.size, 10);
-      if (sz == (bfd_size_type) -1)
+      if (sz + 1 < 5)
         {
-         bfd_set_error (bfd_error_no_memory);
+         bfd_set_error (bfd_error_bad_value);
           return FALSE;
         }
  
@@ -1322,9 +1322,9 @@ _bfd_xcoff_slurp_armap (bfd *abfd)
         return FALSE;
  
        GET_VALUE_IN_FIELD (sz, hdr.size, 10);
-      if (sz == (bfd_size_type) -1)
+      if (sz + 1 < 9)
         {
-         bfd_set_error (bfd_error_no_memory);
+         bfd_set_error (bfd_error_bad_value);
           return FALSE;
         }
author	Alan Modra <amodra@gmail.com>
	Fri, 20 Mar 2020 00:27:38 +0000 (10:57 +1030)
committer	Alan Modra <amodra@gmail.com>
	Fri, 20 Mar 2020 02:05:51 +0000 (12:35 +1030)
bfd/ChangeLog		patch \| blob \| history
bfd/coff-rs6000.c		patch \| blob \| history