This is the mail archive of the
binutils-cvs@sourceware.org
mailing list for the binutils project.
[binutils-gdb] Handle EITR records in VMS Alpha binaries with overlarge command length parameters.
- From: Nick Clifton <nickc at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 15 Jun 2017 11:09:59 -0000
- Subject: [binutils-gdb] Handle EITR records in VMS Alpha binaries with overlarge command length parameters.
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=76800cba595efc3fe95a446c2d664e42ae4ee869
commit 76800cba595efc3fe95a446c2d664e42ae4ee869
Author: Nick Clifton <nickc@redhat.com>
Date: Thu Jun 15 12:08:57 2017 +0100
Handle EITR records in VMS Alpha binaries with overlarge command length parameters.
PR binutils/21579
* vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
Diff:
---
bfd/ChangeLog | 5 +++++
bfd/vms-alpha.c | 16 ++++++++--------
2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index bf7447c..f39dd09 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2017-06-15 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21579
+ * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
+
2017-06-14 Max Filippov <jcmvbkbc@gmail.com>
* elf32-xtensa.c (elf_xtensa_be_plt_entry,
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 0c2b546..38237cd 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -1745,14 +1745,8 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
ptr += 4;
-#if VMS_DEBUG
- _bfd_vms_debug (4, "etir: %s(%d)\n",
- _bfd_vms_etir_name (cmd), cmd);
- _bfd_hexdump (8, ptr, cmd_length - 4, 0);
-#endif
-
- /* PR 21589: Check for a corrupt ETIR record. */
- if (cmd_length < 4)
+ /* PR 21589 and 21579: Check for a corrupt ETIR record. */
+ if (cmd_length < 4 || (ptr + cmd_length > maxptr + 4))
{
corrupt_etir:
_bfd_error_handler (_("Corrupt ETIR record encountered"));
@@ -1760,6 +1754,12 @@ _bfd_vms_slurp_etir (bfd *abfd, struct bfd_link_info *info)
return FALSE;
}
+#if VMS_DEBUG
+ _bfd_vms_debug (4, "etir: %s(%d)\n",
+ _bfd_vms_etir_name (cmd), cmd);
+ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+#endif
+
switch (cmd)
{
/* Stack global