PR24644, OOM-Bug in _bfd_archive_64_bit_slurp_armap
Alan Modra
amodra@gmail.com
Wed Aug 7 09:30:00 GMT 2019
PR 24644
* archive64.c (_bfd_archive_64_bit_slurp_armap): Properly check
for overflow in expressions involving nsymz.
diff --git a/bfd/archive64.c b/bfd/archive64.c
index 42f6ed92f0..a2c628e2b5 100644
--- a/bfd/archive64.c
+++ b/bfd/archive64.c
@@ -90,7 +90,14 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd)
ptrsize = 8 * nsymz;
amt = carsym_size + stringsize + 1;
- if (carsym_size < nsymz || ptrsize < nsymz || amt < nsymz)
+ if (/* Catch overflow in stringsize (and ptrsize) expression. */
+ nsymz >= (bfd_size_type) -1 / 8
+ || stringsize > parsed_size
+ /* Catch overflow in carsym_size expression. */
+ || nsymz > (bfd_size_type) -1 / sizeof (carsym)
+ /* Catch overflow in amt expression. */
+ || amt <= carsym_size
+ || amt <= stringsize)
{
bfd_set_error (bfd_error_malformed_archive);
return FALSE;
--
Alan Modra
Australia Development Lab, IBM
More information about the Binutils
mailing list