+2017-06-19 Nick Clifton <nickc@redhat.com>
+
+ PR 21615
+ * vms-alpha.c (_bfd_vms_slurp_egsd): Use unsigned int for
+ gsd_size. Check that there are enough bytes remaining to read the
+ type and size of the next egsd. Check that the size of the egsd
+ does not exceed the size of the record.
+
2017-06-19 Alan Modra <amodra@gmail.com>
* config.bfd: Correct targ_underscore for cris.
static bfd_boolean
_bfd_vms_slurp_egsd (bfd *abfd)
{
- int gsd_type, gsd_size;
+ int gsd_type;
+ unsigned int gsd_size;
unsigned char *vms_rec;
unsigned long base_addr;
/* Calculate base address for each section. */
base_addr = 0L;
- while (PRIV (recrd.rec_size) > 0)
+ while (PRIV (recrd.rec_size) > 4)
{
vms_rec = PRIV (recrd.rec);
vms_debug2 ((3, "egsd_type %d\n", gsd_type));
+ /* PR 21615: Check for size overflow. */
+ if (PRIV (recrd.rec_size) < gsd_size)
+ {
+ _bfd_error_handler (_("Corrupt EGSD record: size (%#x) is larger than remaining space (%#x)"),
+ gsd_size, PRIV (recrd.rec_size));
+ bfd_set_error (bfd_error_bad_value);
+ return FALSE;
+ }
+
switch (gsd_type)
{
case EGSD__C_PSC:
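Review bot: The check added after the `vms_debug2` call rejects only a `gsd_size` larger than the remaining record; it sets no lower bound, so a malformed entry with a `gsd_size` of 0 to 3 still reaches the `switch`. The code that advances past each entry is outside this hunk, but if it steps by `gsd_size`, a zero size would make no progress. The `case` bodies presumably read fixed-offset fields that such a short entry does not cover. I would add a minimum-size check beside the new one, using the 4 bytes that the ChangeLog and the new loop condition imply for the type/size header. Ideally each case would also compare `gsd_size` with the structure it parses. The function body continues beyond the hunk.

```c
      /* … unchanged: PR 21615 check that gsd_size fits in the remaining record … */

      /* An entry cannot be smaller than its own type/size header.  */
      if (gsd_size < 4)
        {
          _bfd_error_handler (_("Corrupt EGSD record: size (%#x) is too small"),
                              gsd_size);
          bfd_set_error (bfd_error_bad_value);
          return FALSE;
        }
```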