From 0d1cd7d97835941c046dbb7ec1c83bc7c05779e6 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Fri, 30 Jun 2023 11:18:42 +0100 Subject: [PATCH] Prevent an illegal memory access when running the strings program with an excessively lerge minimum string length. PR 30595 * strings.c (main): Check for an excessively large minimum string length. --- binutils/ChangeLog | 6 ++++++ binutils/strings.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/binutils/ChangeLog b/binutils/ChangeLog index bb58bc4c5d5..f06aba238bb 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,9 @@ +2023-06-30 Nick Clifton + + PR 30595 + * strings.c (main): Check for an excessively large minimum string + length. + 2023-06-21 Nick Clifton * testsuite/lib/binutils-common.exp (prune_warnings_extra): Prune diff --git a/binutils/strings.c b/binutils/strings.c index e2c1ead6bfd..f7214fc1228 100644 --- a/binutils/strings.c +++ b/binutils/strings.c @@ -315,8 +315,14 @@ main (int argc, char **argv) if (s != NULL && *s != 0) fatal (_("invalid integer argument %s"), argv[numeric_opt - 1] + 1); } + if (string_min < 1) fatal (_("invalid minimum string length %d"), string_min); + /* PR 30595: Look for excessive minimum string lengths. + The "(4 * string_min) + 1" is because this is the value + used to allocate space in print_unicode_stream(). */ + else if (string_min == -1U || ((4 * string_min) + 1) == 0) + fatal (_("minimum string length %#x is too big"), string_min); switch (encoding) { -- 2.30.2