From 61e8a5ea173059baf957e65885fbaa3613cc6076 Mon Sep 17 00:00:00 2001 From: Nathan Sidwell Date: Wed, 23 Jun 2010 10:21:16 +0000 Subject: [PATCH] * archive64.c (bfd_elf64_archive_write_armap): Fix buffer overrun when scaning map. --- bfd/ChangeLog | 5 +++++ bfd/archive64.c | 12 ++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index d73bb9423b3..41b6cb9714b 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,8 @@ +2010-06-23 Nathan Sidwell + + * archive64.c (bfd_elf64_archive_write_armap): Fix buffer overrun + when scaning map. + 2010-06-17 Tristan Gingold * Makefile.am (BFD32_BACKENDS_CFILES): Move vms-alpha.c to ... diff --git a/bfd/archive64.c b/bfd/archive64.c index 067fbb921e1..bbc4c3f72f9 100644 --- a/bfd/archive64.c +++ b/bfd/archive64.c @@ -194,27 +194,27 @@ bfd_elf64_archive_write_armap (bfd *arch, /* Write out the file offset for the file associated with each symbol, and remember to keep the offsets padded out. */ - - current = arch->archive_head; count = 0; - while (current != NULL && count < symbol_count) + for (current = arch->archive_head; + current != NULL && count < symbol_count; + current = current->archive_next) { /* For each symbol which is used defined in this object, write out the object file's address in the archive */ - while (map[count].u.abfd == current) + for (; + count < symbol_count && map[count].u.abfd == current; + count++) { bfd_putb64 ((bfd_vma) archive_member_file_ptr, buf); if (bfd_bwrite (buf, 8, arch) != 8) return FALSE; - count++; } /* Add size of this archive entry */ archive_member_file_ptr += (arelt_size (current) + sizeof (struct ar_hdr)); /* remember about the even alignment */ archive_member_file_ptr += archive_member_file_ptr % 2; - current = current->archive_next; } /* now write the strings themselves */ -- 2.30.2