View | Details | Raw Unified | Return to bug 17533 | Differences between
and this patch

Collapse All | Expand All

(-)a/bfd/archive.c (-1 / +5 lines)
Lines 1293-1298 _bfd_slurp_extended_name_table (bfd *abfd) Link Here
1293
      amt = namedata->parsed_size;
1293
      amt = namedata->parsed_size;
1294
      if (amt + 1 == 0)
1294
      if (amt + 1 == 0)
1295
	goto byebye;
1295
	goto byebye;
1296
      /* PR binutils/17533: A corrupt archive can contain an invalid size.  */
1297
      if (amt > (bfd_size_type) bfd_get_size (abfd))
1298
	goto byebye;
1296
1299
1297
      bfd_ardata (abfd)->extended_names_size = amt;
1300
      bfd_ardata (abfd)->extended_names_size = amt;
1298
      bfd_ardata (abfd)->extended_names = (char *) bfd_zalloc (abfd, amt + 1);
1301
      bfd_ardata (abfd)->extended_names = (char *) bfd_zalloc (abfd, amt + 1);
Lines 1300-1305 _bfd_slurp_extended_name_table (bfd *abfd) Link Here
1300
	{
1303
	{
1301
	byebye:
1304
	byebye:
1302
	  free (namedata);
1305
	  free (namedata);
1306
	  bfd_ardata (abfd)->extended_names = NULL;
1307
	  bfd_ardata (abfd)->extended_names_size = 0;
1303
	  return FALSE;
1308
	  return FALSE;
1304
	}
1309
	}
1305
1310
Lines 1308-1314 _bfd_slurp_extended_name_table (bfd *abfd) Link Here
1308
	  if (bfd_get_error () != bfd_error_system_call)
1313
	  if (bfd_get_error () != bfd_error_system_call)
1309
	    bfd_set_error (bfd_error_malformed_archive);
1314
	    bfd_set_error (bfd_error_malformed_archive);
1310
	  bfd_release (abfd, (bfd_ardata (abfd)->extended_names));
1315
	  bfd_release (abfd, (bfd_ardata (abfd)->extended_names));
1311
	  bfd_ardata (abfd)->extended_names = NULL;
1312
	  goto byebye;
1316
	  goto byebye;
1313
	}
1317
	}
1314
1318

Return to bug 17533