PR 21840
* mach-o.c (bfd_mach_o_read_symtab_strtab): Fail if the symtab
size is -1.
* nlmcode.h (nlm_swap_auxiliary_headers_in): Replace assertion
with error return.
* section.c (bfd_make_section_with_flags): Fail if the name or bfd
are NULL.
* vms-alpha.c (bfd_make_section_with_flags): Correct computation
of end pointer.
(evax_bfd_print_emh): Check for invalid string lengths.
+2017-07-27 Nick Clifton <nickc@redhat.com>
+
+ PR 21840
+ * mach-o.c (bfd_mach_o_read_symtab_strtab): Fail if the symtab
+ size is -1.
+ * nlmcode.h (nlm_swap_auxiliary_headers_in): Replace assertion
+ with error return.
+ * section.c (bfd_make_section_with_flags): Fail if the name or bfd
+ are NULL.
+ * vms-alpha.c (bfd_make_section_with_flags): Correct computation
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
2017-07-25 Nick Clifton <nickc@redhat.com>
* po/fr.po: Updated French translation.
2017-07-25 Nick Clifton <nickc@redhat.com>
* po/fr.po: Updated French translation.
+ /* See PR 21840 for a reproducer. */
+ if ((sym->strsize + 1) == 0)
+ return FALSE;
sym->strtab = bfd_alloc (abfd, sym->strsize + 1);
if (sym->strtab == NULL)
return FALSE;
sym->strtab = bfd_alloc (abfd, sym->strsize + 1);
if (sym->strtab == NULL)
return FALSE;
bfd_byte *contents;
bfd_byte *p, *pend;
bfd_byte *contents;
bfd_byte *p, *pend;
- BFD_ASSERT (hdrLength == 0 && hdr == NULL);
+ /* See PR 21840 for a reproducer. */
+ if (hdrLength != 0 || hdr != NULL)
+ return FALSE;
pos = bfd_tell (abfd);
if (bfd_seek (abfd, dataOffset, SEEK_SET) != 0)
pos = bfd_tell (abfd);
if (bfd_seek (abfd, dataOffset, SEEK_SET) != 0)
struct section_hash_entry *sh;
asection *newsect;
struct section_hash_entry *sh;
asection *newsect;
- if (abfd->output_has_begun)
+ if (abfd == NULL || name == NULL || abfd->output_has_begun)
{
bfd_set_error (bfd_error_invalid_operation);
return NULL;
{
bfd_set_error (bfd_error_invalid_operation);
return NULL;
vms_rec = PRIV (recrd.rec);
/* PR 17512: file: 62736583. */
vms_rec = PRIV (recrd.rec);
/* PR 17512: file: 62736583. */
- end = vms_rec + PRIV (recrd.buf_size);
+ end = PRIV (recrd.buf) + PRIV (recrd.buf_size);
vms_debug2 ((2, "HDR/EMH\n"));
vms_debug2 ((2, "HDR/EMH\n"));
{
struct vms_emh_common *emh = (struct vms_emh_common *)rec;
unsigned int subtype;
{
struct vms_emh_common *emh = (struct vms_emh_common *)rec;
unsigned int subtype;
- subtype = (unsigned)bfd_getl16 (emh->subtyp);
+ subtype = (unsigned) bfd_getl16 (emh->subtyp);
/* xgettext:c-format */
fprintf (file, _(" EMH %u (len=%u): "), subtype, rec_len);
/* xgettext:c-format */
fprintf (file, _(" EMH %u (len=%u): "), subtype, rec_len);
fprintf (file, _(" Error: The length is less than the length of an EMH record\n"));
return;
}
fprintf (file, _(" Error: The length is less than the length of an EMH record\n"));
return;
}
+ extra = rec_len - sizeof (struct vms_emh_common);
+
switch (subtype)
{
case EMH__C_MHD:
{
switch (subtype)
{
case EMH__C_MHD:
{
- struct vms_emh_mhd *mhd = (struct vms_emh_mhd *)rec;
- const char *name;
+ struct vms_emh_mhd *mhd = (struct vms_emh_mhd *) rec;
+ const char * name;
+ const char * nextname;
+ const char * maxname;
+ /* PR 21840: Check for invalid lengths. */
+ if (rec_len < sizeof (* mhd))
+ {
+ fprintf (file, _(" Error: The record length is less than the size of an EMH_MHD record\n"));
+ return;
+ }
fprintf (file, _("Module header\n"));
fprintf (file, _(" structure level: %u\n"), mhd->strlvl);
fprintf (file, _(" max record size: %u\n"),
fprintf (file, _("Module header\n"));
fprintf (file, _(" structure level: %u\n"), mhd->strlvl);
fprintf (file, _(" max record size: %u\n"),
- (unsigned)bfd_getl32 (mhd->recsiz));
+ (unsigned) bfd_getl32 (mhd->recsiz));
name = (char *)(mhd + 1);
name = (char *)(mhd + 1);
+ maxname = (char *) rec + rec_len;
+ if (name > maxname - 2)
+ {
+ fprintf (file, _(" Error: The module name is missing\n"));
+ return;
+ }
+ nextname = name + name[0] + 1;
+ if (nextname >= maxname)
+ {
+ fprintf (file, _(" Error: The module name is too long\n"));
+ return;
+ }
fprintf (file, _(" module name : %.*s\n"), name[0], name + 1);
fprintf (file, _(" module name : %.*s\n"), name[0], name + 1);
+ name = nextname;
+ if (name > maxname - 2)
+ {
+ fprintf (file, _(" Error: The module version is missing\n"));
+ return;
+ }
+ nextname = name + name[0] + 1;
+ if (nextname >= maxname)
+ {
+ fprintf (file, _(" Error: The module version is too long\n"));
+ return;
+ }
fprintf (file, _(" module version : %.*s\n"), name[0], name + 1);
fprintf (file, _(" module version : %.*s\n"), name[0], name + 1);
- name += name[0] + 1;
- fprintf (file, _(" compile date : %.17s\n"), name);
+ name = nextname;
+ if ((maxname - name) < 17 && maxname[-1] != 0)
+ fprintf (file, _(" Error: The compile date is truncated\n"));
+ else
+ fprintf (file, _(" compile date : %.17s\n"), name);
- {
- fprintf (file, _("Language Processor Name\n"));
- fprintf (file, _(" language name: %.*s\n"),
- (int)(rec_len - sizeof (struct vms_emh_common)),
- (char *)rec + sizeof (struct vms_emh_common));
- }
+ fprintf (file, _("Language Processor Name\n"));
+ fprintf (file, _(" language name: %.*s\n"), extra, (char *)(emh + 1));
- {
- fprintf (file, _("Source Files Header\n"));
- fprintf (file, _(" file: %.*s\n"),
- (int)(rec_len - sizeof (struct vms_emh_common)),
- (char *)rec + sizeof (struct vms_emh_common));
- }
+ fprintf (file, _("Source Files Header\n"));
+ fprintf (file, _(" file: %.*s\n"), extra, (char *)(emh + 1));
- {
- fprintf (file, _("Title Text Header\n"));
- fprintf (file, _(" title: %.*s\n"),
- (int)(rec_len - sizeof (struct vms_emh_common)),
- (char *)rec + sizeof (struct vms_emh_common));
- }
+ fprintf (file, _("Title Text Header\n"));
+ fprintf (file, _(" title: %.*s\n"), extra, (char *)(emh + 1));
- {
- fprintf (file, _("Copyright Header\n"));
- fprintf (file, _(" copyright: %.*s\n"),
- (int)(rec_len - sizeof (struct vms_emh_common)),
- (char *)rec + sizeof (struct vms_emh_common));
- }
+ fprintf (file, _("Copyright Header\n"));
+ fprintf (file, _(" copyright: %.*s\n"), extra, (char *)(emh + 1));
default:
fprintf (file, _("unhandled emh subtype %u\n"), subtype);
break;
default:
fprintf (file, _("unhandled emh subtype %u\n"), subtype);
break;
-/* Copy sized string (string with fixed size) to new allocated area
- size is string size (size of record) */
+/* Copy sized string (string with fixed size) to new allocated area.
+ Size is string size (size of record). */
char *
_bfd_vms_save_sized_string (unsigned char *str, unsigned int size)
char *
_bfd_vms_save_sized_string (unsigned char *str, unsigned int size)
-/* Copy counted string (string with size at first byte) to new allocated area
- ptr points to size byte on entry */
+/* Copy counted string (string with size at first byte) to new allocated area.
+ PTR points to size byte on entry. */
char *
_bfd_vms_save_counted_string (unsigned char *ptr, unsigned int maxlen)
char *
_bfd_vms_save_counted_string (unsigned char *ptr, unsigned int maxlen)