PR24644, OOM-Bug in _bfd_archive_64_bit_slurp_armap

Alan Modra amodra@gmail.com
Wed Aug 7 09:30:00 GMT 2019


	PR 24644
	* archive64.c (_bfd_archive_64_bit_slurp_armap): Properly check
	for overflow in expressions involving nsymz.

diff --git a/bfd/archive64.c b/bfd/archive64.c
index 42f6ed92f0..a2c628e2b5 100644
--- a/bfd/archive64.c
+++ b/bfd/archive64.c
@@ -90,7 +90,14 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd)
   ptrsize = 8 * nsymz;
 
   amt = carsym_size + stringsize + 1;
-  if (carsym_size < nsymz || ptrsize < nsymz || amt < nsymz)
+  if (/* Catch overflow in stringsize (and ptrsize) expression.  */
+      nsymz >= (bfd_size_type) -1 / 8
+      || stringsize > parsed_size
+      /* Catch overflow in carsym_size expression.  */
+      || nsymz > (bfd_size_type) -1 / sizeof (carsym)
+      /* Catch overflow in amt expression.  */
+      || amt <= carsym_size
+      || amt <= stringsize)
     {
       bfd_set_error (bfd_error_malformed_archive);
       return FALSE;
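Review bot: The `stringsize > parsed_size` test in the new condition is the only one that ties `nsymz` to the size of the armap, and the comment above it does not say so; the remaining tests only rule out wraparound in `bfd_size_type`. It appears to work because `stringsize` is derived from `parsed_size` and `nsymz` above the hunk and wraps to a large value when the symbol count does not fit, so a comment such as `/* A wrapped stringsize exceeds parsed_size, which also bounds nsymz by the armap size.  */` would make that dependency explicit. `parsed_size` is also set outside the hunk; if it is taken from the archive member header, `amt` is still bounded only by a size the file claims, and comparing it with the real file size (for example via `bfd_get_file_size`) before allocating would close the remaining out-of-memory path. The function body starts and ends outside the hunk.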

-- 
Alan Modra
Australia Development Lab, IBM


