GNU Binutils with patches for OS216


Commit MetaInfo

Revision: 07d22f648e56d7276fa7a4a73438005448c406fb
Time: 2020-06-29 09:39:14
Author: Alan Modra <amodra@gmai...>
Committer: Alan Modra

Log Message

asan: _bfd_pei_slurp_codeview_record use of uninit value

Fixes some seriously careless code. bfd_bread return value is
(bfd_size_type)-1 on error. "if (bfd_bread (...) < 4)" does not check
for an error since bfd_size_type is unsigned. In any case, I think we
should be reading and checking the requested length.

* peXXigen.c (_bfd_XXi_slurp_codeview_record): Properly check
return value of bfd_bread. Don't read more than requested length.
Sanity check length. Properly terminate file name.
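As an added illustration, not code from binutils or from the commit itself: a constructed model of the bfd_bread contract the message describes, showing why the old unsigned "< 4" test cannot see an error return and how the patched sequence of checks rejects errors and short reads. `fake_file`, `fake_read`, `min_len` and the scenario functions are stand-ins invented here, and `size_t` plays the role of `bfd_size_type`.

```c
#include <stddef.h>
#include <string.h>
/* Constructed stand-in for the bfd_bread contract in the commit message:
   bytes actually read, or (size_t)-1 on error (negative 'avail' here). */
struct fake_file { const char *data; long avail; };
typedef size_t read_fn(char *buf, size_t len, void *ctx);
static size_t fake_read(char *buf, size_t len, void *ctx)
{
    struct fake_file *f = ctx;
    size_t n;
    if (f->avail < 0)
        return (size_t)-1;              /* error, as bfd_bread does */
    n = (size_t)f->avail < len ? (size_t)f->avail : len;
    memcpy(buf, f->data, n);
    return n;
}
/* Pre-patch shape: unsigned return compared against 4. (size_t)-1 is the
   largest size_t, so "< 4" never fires on error and the caller goes on to
   parse an uninitialised buffer. Returns 1 when the record is accepted. */
int old_check_accepts(read_fn *rd, void *ctx)
{
    char buffer[256 + 1];
    if (rd(buffer, 256, ctx) < 4)
        return 0;
    return 1;
}
/* Post-patch shape: reject records too short for the header ('min_len'
   stands in for the patch's sizeof() gate), clamp the request to the
   buffer, require exactly that many bytes back (an error value can never
   match), then zero the tail so a name in the record is NUL-terminated. */
int new_check_accepts(read_fn *rd, void *ctx, size_t length, size_t min_len)
{
    char buffer[256 + 1];
    size_t nread;
    if (length <= min_len)
        return 0;
    if (length > 256)
        length = 256;
    nread = rd(buffer, length, ctx);
    if (nread != length)
        return 0;
    memset(buffer + nread, 0, sizeof(buffer) - nread);
    return 1;
}
/* Constructed scenarios: I/O error, short read, full read. */
int old_on_error(void) { struct fake_file f = { "", -1 }; return old_check_accepts(fake_read, &f); }
int new_on_error(void) { struct fake_file f = { "", -1 }; return new_check_accepts(fake_read, &f, 40, 24); }
int new_on_short(void) { static char d[64]; struct fake_file f = { d, 10 }; return new_check_accepts(fake_read, &f, 40, 24); }
int new_on_full(void)  { static char d[64]; struct fake_file f = { d, 40 }; return new_check_accepts(fake_read, &f, 40, 24); }
```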

Change Summary

Incremental Difference

--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,11 @@
11 2020-06-29 Alan Modra <amodra@gmail.com>
22
3+ * peXXigen.c (_bfd_XXi_slurp_codeview_record): Properly check
4+ return value of bfd_bread. Don't read more than requested length.
5+ Sanity check length. Properly terminate file name.
6+
7+2020-06-29 Alan Modra <amodra@gmail.com>
8+
39 * arc-got.h: Use C style comments.
410 * coff-z80.c: Likewise.
511 * elf32-csky.c: Likewise.
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -1147,15 +1147,21 @@ CODEVIEW_INFO *
11471147 _bfd_XXi_slurp_codeview_record (bfd * abfd, file_ptr where, unsigned long length, CODEVIEW_INFO *cvinfo)
11481148 {
11491149 char buffer[256+1];
1150+ bfd_size_type nread;
11501151
11511152 if (bfd_seek (abfd, where, SEEK_SET) != 0)
11521153 return NULL;
11531154
1154- if (bfd_bread (buffer, 256, abfd) < 4)
1155+ if (length <= sizeof (CV_INFO_PDB70) && length <= sizeof (CV_INFO_PDB20))
1156+ return NULL;
1157+ if (length > 256)
1158+ length = 256;
1159+ nread = bfd_bread (buffer, length, abfd);
1160+ if (length != nread)
11551161 return NULL;
11561162
11571163 /* Ensure null termination of filename. */
1158- buffer[256] = '\0';
1164+ memset (buffer + nread, 0, sizeof (buffer) - nread);
11591165
11601166 cvinfo->CVSignature = H_GET_32 (abfd, buffer);
11611167 cvinfo->Age = 0;
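Review bot: the new length gate `if (length <= sizeof (CV_INFO_PDB70) && length <= sizeof (CV_INFO_PDB20))` only guarantees that `length` exceeds the smaller of the two header sizes, because of the `&&`; a record long enough for the smaller header but shorter than the larger one still passes, so the signature-specific parsing that follows `cvinfo->CVSignature = H_GET_32 (abfd, buffer);` (outside this hunk) must still compare `length` against the size of the struct selected by the signature before reading its fields, e.g. `if (length < sizeof (CV_INFO_PDB70)) return NULL;` in that branch. The rest of the sequence looks right: `if (length != nread)` can never be satisfied by a `(bfd_size_type)-1` error return, and with `length` clamped to 256 the `memset (buffer + nread, 0, sizeof (buffer) - nread)` always leaves at least the final byte of the 257-byte buffer zeroed, so the name is terminated.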