Fix seg-fault in the binutils utilities when reading a corrupt input file.
authorNick Clifton <nickc@redhat.com>
Mon, 5 Dec 2016 16:34:45 +0000 (16:34 +0000)
committerNick Clifton <nickc@redhat.com>
Mon, 5 Dec 2016 16:34:45 +0000 (16:34 +0000)
PR binutils/20905
* peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
the end of the string buffer.

bfd/ChangeLog
bfd/peicode.h

index 8dc48b347f6b1d64004794d8604875c3bcb4d7f4..9a7bfcd9b52a1175171dba2ce714ae99b87f861f 100644 (file)
@@ -5,6 +5,10 @@
 
 2016-12-05  Nick Clifton  <nickc@redhat.com>
 
+       PR binutils/20905
+       * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+       the end of the string buffer.
+
        PR binutils/20907
        * peicode.h (pe_ILF_build_a_bfd): Replace abort with error return.
 
index ee47a6779707a34b88abccecb3f32be6f2915ffc..5d55711293d62d3c942d6cd1e4ac45e813a005ba 100644 (file)
@@ -1269,7 +1269,8 @@ pe_ILF_object_p (bfd * abfd)
     }
 
   symbol_name = (char *) ptr;
-  source_dll  = symbol_name + strlen (symbol_name) + 1;
+  /* See PR 20905 for an example of where the strnlen is necessary.  */
+  source_dll  = symbol_name + strnlen (symbol_name, size - 1) + 1;
 
   /* Verify that the strings are null terminated.  */
   if (ptr[size - 1] != 0
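Review bot: The bound `size - 1` passed to strnlen only limits the scan if size is at least 1 at this point. If size is an unsigned type and can reach this line as 0, the subtraction wraps, the call behaves like the unbounded strlen it replaces, and the `ptr[size - 1]` test below indexes before the buffer. The lines that read and validate size are above the hunk, so a zero size may already be rejected there; if so, the new comment should say it, because "See PR 20905" gives no reason to a reader without the bug tracker. A comment such as `/* ptr holds size (> 0) bytes taken from the input file, which may lack a NUL; bound the scan so it stays inside the buffer.  */` would state the invariant in place. The termination check that begins on the last line continues past the end of the hunk.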