Fix an (almost) infinite loop in the tekhex parser.

author Nick Clifton <nickc@redhat.com>

Fri, 31 Oct 2014 18:00:55 +0000 (18:00 +0000)

committer Nick Clifton <nickc@redhat.com>

Fri, 31 Oct 2014 18:00:55 +0000 (18:00 +0000)
author Nick Clifton <nickc@redhat.com>
Fri, 31 Oct 2014 18:00:55 +0000 (18:00 +0000)
committer Nick Clifton <nickc@redhat.com>
Fri, 31 Oct 2014 18:00:55 +0000 (18:00 +0000)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog

index accbcc953ebbf2b2a4c7d4b52de2eba26d144b9e..d861257d510b60e8d04161e2808b951560cb5e1e 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -5,6 +5,7 @@
         symbol table bigger than the file.
         * elf.c (bfd_elf_get_str_section): Do not try to load a string
         table bigger than the file.
+       * tekhex.c (first_phase): Check that the section range is sane.
  
  2014-10-30  Nick Clifton  <nickc@redhat.com>
  
diff --git a/bfd/tekhex.c b/bfd/tekhex.c

index 2220d50c1e6a44f9b31ce00890f2b03f29d6e3d3..85f55931c3f2313bd2fb3eb661ecb00e64050b2e 100644 (file)
--- a/bfd/tekhex.c
+++ b/bfd/tekhex.c
@@ -403,6 +403,9 @@ first_phase (bfd *abfd, int type, char *src)
               if (!getvalue (&src, &val))
                 return FALSE;
               section->size = val - section->vma;
+             /* PR binutils/17512: Make sure that the size is sane.  */
+             if (section->size > (bfd_size_type) bfd_get_size (abfd))
+               return FALSE;
               section->flags = SEC_HAS_CONTENTS | SEC_LOAD | SEC_ALLOC;
               break;
             case '0':
author	Nick Clifton <nickc@redhat.com>
	Fri, 31 Oct 2014 18:00:55 +0000 (18:00 +0000)
committer	Nick Clifton <nickc@redhat.com>
	Fri, 31 Oct 2014 18:00:55 +0000 (18:00 +0000)
bfd/ChangeLog		patch \| blob \| history
bfd/tekhex.c		patch \| blob \| history