[patch] null ptr in srec_get_section_contents
Alan Modra
amodra@bigpond.net.au
Thu Jul 26 12:50:00 GMT 2007
On Wed, Jul 25, 2007 at 04:06:00PM -0700, msnyder@sonic.net wrote:
> Nothing to be done if section->size is zero, and we'll die on memcpy
> if the ptr is null.
Hmm, your patch doesn't make this function any worse, but really we
should be checking for nonsense input params, which will cover the
section->size == 0 case.
* srec.c (srec_get_section_contents): Return immediately on
count zero. Check that offset and count are within section.
* libbfd.c (_bfd_generic_get_section_contents): Check that
offset + count does not overflow.
Index: bfd/srec.c
===================================================================
RCS file: /cvs/src/src/bfd/srec.c,v
retrieving revision 1.43
diff -u -p -r1.43 srec.c
--- bfd/srec.c 26 Jul 2007 11:13:59 -0000 1.43
+++ bfd/srec.c 26 Jul 2007 12:18:09 -0000
@@ -781,10 +781,20 @@ srec_get_section_contents (bfd *abfd,
file_ptr offset,
bfd_size_type count)
{
+ if (count == 0)
+ return TRUE;
+
+ if (offset + count < count
+ || offset + count > section->size)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+ }
+
if (section->used_by_bfd == NULL)
{
section->used_by_bfd = bfd_alloc (abfd, section->size);
- if (section->used_by_bfd == NULL && section->size != 0)
+ if (section->used_by_bfd == NULL)
return FALSE;
if (! srec_read_section (abfd, section, section->used_by_bfd))
Index: bfd/libbfd.c
===================================================================
RCS file: /cvs/src/src/bfd/libbfd.c,v
retrieving revision 1.47
diff -u -p -r1.47 libbfd.c
--- bfd/libbfd.c 3 Jul 2007 14:26:42 -0000 1.47
+++ bfd/libbfd.c 26 Jul 2007 12:31:51 -0000
@@ -820,7 +820,8 @@ _bfd_generic_get_section_contents (bfd *
return TRUE;
sz = section->rawsize ? section->rawsize : section->size;
- if (offset + count > sz)
+ if (offset + count < count
+ || offset + count > sz)
{
bfd_set_error (bfd_error_invalid_operation);
return FALSE;
--
Alan Modra
Australia Development Lab, IBM
More information about the Binutils
mailing list