From: Nick Clifton Date: Thu, 15 Jun 2017 11:08:57 +0000 (+0100) Subject: Handle EITR records in VMS Alpha binaries with overlarge command length parameters. X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=76800cba595efc3fe95a446c2d664e42ae4ee869;p=binutils-gdb.git Handle EITR records in VMS Alpha binaries with overlarge command length parameters. PR binutils/21579 * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index bf7447cff97..f39dd090871 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2017-06-15 Nick Clifton + + PR binutils/21579 + * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length. + 2017-06-14 Max Filippov * elf32-xtensa.c (elf_xtensa_be_plt_entry, diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c index 0c2b546c943..38237cd0acd 100644 --- a/bfd/vms-alpha.c +++ b/bfd/vms-alpha.c @@ -1745,14 +1745,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info) ptr += 4; -#if VMS_DEBUG - _bfd_vms_debug (4, "etir: %s(%d)\n", - _bfd_vms_etir_name (cmd), cmd); - _bfd_hexdump (8, ptr, cmd_length - 4, 0); -#endif - - /* PR 21589: Check for a corrupt ETIR record. */ - if (cmd_length < 4) + /* PR 21589 and 21579: Check for a corrupt ETIR record. */ + if (cmd_length < 4 || (ptr + cmd_length > maxptr + 4)) { corrupt_etir: _bfd_error_handler (_("Corrupt ETIR record encountered")); @@ -1760,6 +1754,12 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info) return FALSE; } +#if VMS_DEBUG + _bfd_vms_debug (4, "etir: %s(%d)\n", + _bfd_vms_etir_name (cmd), cmd); + _bfd_hexdump (8, ptr, cmd_length - 4, 0); +#endif + switch (cmd) { /* Stack global