This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
PR24644, OOM-Bug in _bfd_archive_64_bit_slurp_armap
- From: Alan Modra <amodra at gmail dot com>
- To: binutils at sourceware dot org
- Date: Wed, 7 Aug 2019 19:00:41 +0930
- Subject: PR24644, OOM-Bug in _bfd_archive_64_bit_slurp_armap
PR 24644
* archive64.c (_bfd_archive_64_bit_slurp_armap): Properly check
for overflow in expressions involving nsymz.
diff --git a/bfd/archive64.c b/bfd/archive64.c
index 42f6ed92f0..a2c628e2b5 100644
--- a/bfd/archive64.c
+++ b/bfd/archive64.c
@@ -90,7 +90,14 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd)
ptrsize = 8 * nsymz;
amt = carsym_size + stringsize + 1;
- if (carsym_size < nsymz || ptrsize < nsymz || amt < nsymz)
+ if (/* Catch overflow in stringsize (and ptrsize) expression. */
+ nsymz >= (bfd_size_type) -1 / 8
+ || stringsize > parsed_size
+ /* Catch overflow in carsym_size expression. */
+ || nsymz > (bfd_size_type) -1 / sizeof (carsym)
+ /* Catch overflow in amt expression. */
+ || amt <= carsym_size
+ || amt <= stringsize)
{
bfd_set_error (bfd_error_malformed_archive);
return FALSE;
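Review bot: the two multiplication guards in the new condition are not symmetric, and the comments do not say why: "nsymz >= (bfd_size_type) -1 / 8" rejects the boundary value, while "nsymz > (bfd_size_type) -1 / sizeof (carsym)" accepts it. If the stricter >= is needed because the stringsize expression (not visible in this hunk) subtracts more than 8 * nsymz, state that in the first comment; otherwise use the same comparison for both. Separately, assuming carsym_size, stringsize and amt are all unsigned bfd_size_type, a wrapped carsym_size + stringsize + 1 is always <= each operand and an unwrapped one is always greater than each, so "amt <= stringsize" is already implied by "amt <= carsym_size" and one of the two tests could be dropped. The "stringsize > parsed_size" test only works because stringsize is derived from parsed_size by unsigned subtraction; a short comment saying so would help the next reader, since that assignment is outside the changed lines.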
--
Alan Modra
Australia Development Lab, IBM