Sanity check _bfd_coff_read_string_table
Alan Modra
amodra@gmail.com
Fri Jul 30 06:10:57 GMT 2021
* coffgen.c (_bfd_coff_read_string_table): Catch overflows
when calculating string table file location.
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index 017d4c31a4e..ca936828468 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1662,8 +1662,10 @@ _bfd_coff_read_string_table (bfd *abfd)
char extstrsize[STRING_SIZE_SIZE];
bfd_size_type strsize;
char *strings;
- file_ptr pos;
+ ufile_ptr pos;
ufile_ptr filesize;
+ size_t symesz;
+ size_t size;
if (obj_coff_strings (abfd) != NULL)
return obj_coff_strings (abfd);
@@ -1674,9 +1676,16 @@ _bfd_coff_read_string_table (bfd *abfd)
return NULL;
}
+ symesz = bfd_coff_symesz (abfd);
pos = obj_sym_filepos (abfd);
- pos += obj_raw_syment_count (abfd) * bfd_coff_symesz (abfd);
- if (bfd_seek (abfd, pos, SEEK_SET) != 0)
+ if (_bfd_mul_overflow (obj_raw_syment_count (abfd), symesz, &size)
+ || pos + size < pos)
+ {
+ bfd_set_error (bfd_error_file_truncated);
+ return NULL;
+ }
+
+ if (bfd_seek (abfd, pos + size, SEEK_SET) != 0)
return NULL;
if (bfd_bread (extstrsize, (bfd_size_type) sizeof extstrsize, abfd)
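Review bot: The guard `pos + size < pos` in the second hunk rejects only wraparound of the unsigned sum, so an offset that is in range for `ufile_ptr` but far beyond the end of the file still reaches `bfd_seek`. If `bfd_seek` takes a signed `file_ptr` offset (the type `pos` had before the first hunk changed it), a sum above that type's maximum would arrive as a negative offset. The same applies to `pos = obj_sym_filepos (abfd)`, which would turn a negative value into a very large unsigned one, if that macro yields a signed type. Consider extending the condition with something like `|| (file_ptr) (pos + size) < 0`, or comparing against the file size where it is known. A short comment above the check, e.g. `/* Symbol count and entry size are read from the input file; reject a string table offset that overflows. */`, would record why it exists. The function body continues past the end of this hunk, so any later bound on the string table size is not visible here.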
--
Alan Modra
Australia Development Lab, IBM