From: Alan Modra Date: Fri, 20 Mar 2020 00:27:38 +0000 (+1030) Subject: XCOFF uninitialized read X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=67338173a49204a2097ca1e2c63c6bc1fe972c3e;p=binutils-gdb.git XCOFF uninitialized read * coff-rs6000.c (_bfd_xcoff_slurp_armap): Ensure size is large enough to read number of symbols. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 6c2e26d24ef..e04f0087793 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2020-03-20 Alan Modra + + * coff-rs6000.c (_bfd_xcoff_slurp_armap): Ensure size is large + enough to read number of symbols. + 2020-03-20 Alan Modra * elf.c (_bfd_elf_setup_sections): Don't test known non-NULL diff --git a/bfd/coff-rs6000.c b/bfd/coff-rs6000.c index 2dd68e08c3b..bf87596a4fe 100644 --- a/bfd/coff-rs6000.c +++ b/bfd/coff-rs6000.c @@ -1260,9 +1260,9 @@ _bfd_xcoff_slurp_armap (bfd *abfd) return FALSE; GET_VALUE_IN_FIELD (sz, hdr.size, 10); - if (sz == (bfd_size_type) -1) + if (sz + 1 < 5) { - bfd_set_error (bfd_error_no_memory); + bfd_set_error (bfd_error_bad_value); return FALSE; } @@ -1322,9 +1322,9 @@ _bfd_xcoff_slurp_armap (bfd *abfd) return FALSE; GET_VALUE_IN_FIELD (sz, hdr.size, 10); - if (sz == (bfd_size_type) -1) + if (sz + 1 < 9) { - bfd_set_error (bfd_error_no_memory); + bfd_set_error (bfd_error_bad_value); return FALSE; }