if (bfd_seek (abfd, 0, SEEK_SET) != 0)
goto xcoff64_core_p_error;
- if (sizeof (struct core_dumpxx)
- != bfd_read (&core, sizeof (struct core_dumpxx), abfd))
+ if (sizeof core != bfd_read (&core, sizeof core, abfd))
goto xcoff64_core_p_error;
if (bfd_stat (abfd, &statbuf) < 0)
return NULL;
}
- new_core_hdr = bfd_zalloc (abfd, sizeof (struct core_dumpxx));
+ new_core_hdr = bfd_alloc (abfd, sizeof (*new_core_hdr) + 1);
if (NULL == new_core_hdr)
return NULL;
- memcpy (new_core_hdr, &core, sizeof (struct core_dumpxx));
- /* The core_hdr() macro is no longer used here because it would
- expand to code relying on gcc's cast-as-lvalue extension,
- which was removed in gcc 4.0. */
+ memcpy (new_core_hdr, &core, sizeof (*new_core_hdr));
+
+ /* Ensure core_file_failing_command string is terminated. This is
+ just to stop buffer overflows on fuzzed files. */
+ ((char *) new_core_hdr)[sizeof (*new_core_hdr)] = 0;
+
abfd->tdata.any = new_core_hdr;
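Review bot: The terminator stored by `((char *) new_core_hdr)[sizeof (*new_core_hdr)] = 0;` bounds a strlen-style read of the failing-command string, but nothing visible shows that field being the last member of the struct; if it is not, an unterminated name is now reported with the bytes of the following members appended rather than cut short, which is acceptable for rejecting fuzzed input but worth saying in the comment, e.g. `/* One extra byte was allocated above so that a read of an unterminated command name stops at the end of the struct rather than running past the allocation.  */`. The same alloc-plus-one/sentinel idiom is repeated in the netbsd, ptrace, `tmpptr` and trad hunks below; a small shared helper that allocates `size + 1` and zeroes the last byte would keep the five copies from drifting. Note that `bfd_zalloc` became `bfd_alloc` here, so the memcpy of the whole struct plus the sentinel store are now the only initialisation of the tdata bytes; that holds because the copy length equals the allocation minus one. The enclosing function starts and ends outside the visible lines.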
/* .stack section. */
/* OK, we believe you. You're a core file. */
amt = sizeof (struct cisco_core_struct);
- abfd->tdata.cisco_core_data = (struct cisco_core_struct *) bfd_zmalloc (amt);
+ abfd->tdata.cisco_core_data = bfd_zalloc (abfd, amt);
if (abfd->tdata.cisco_core_data == NULL)
return NULL;
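Review bot: Switching `abfd->tdata.cisco_core_data` from `bfd_zmalloc` to `bfd_zalloc` changes the block's owner: it now lives in the bfd's objalloc and must be released with `bfd_release`, never `free`. The error and close paths of this function are outside the visible lines; if either still passes the tdata pointer to `free`, that becomes an invalid free after this change, so they should be checked alongside it. Zero-fill is preserved, so no member initialisation is lost. For consistency with the other hunks in this change, `amt = sizeof (struct cisco_core_struct);` could become `sizeof (*abfd->tdata.cisco_core_data)` and `amt` dropped.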
struct netbsd_core_struct
{
struct core core;
-} *rawptr;
+};
/* Handle NetBSD-style core dump file. */
asection *asect;
struct core core;
struct coreseg coreseg;
- size_t amt = sizeof core;
+ struct netbsd_core_struct *rawptr;
- val = bfd_read (&core, amt, abfd);
+ val = bfd_read (&core, sizeof core, abfd);
if (val != sizeof core)
{
/* Too small to be a core file. */
return 0;
}
- amt = sizeof (struct netbsd_core_struct);
- rawptr = (struct netbsd_core_struct *) bfd_zalloc (abfd, amt);
+ rawptr = bfd_alloc (abfd, sizeof (*rawptr) + 1);
if (rawptr == NULL)
return 0;
- rawptr->core = core;
abfd->tdata.netbsd_core_data = rawptr;
+ rawptr->core = core;
+ /* Ensure core_file_failing_command string is terminated. This is
+ just to stop buffer overflows on fuzzed files. */
+ ((char *) rawptr)[sizeof (*rawptr)] = 0;
offset = core.c_hdrsize;
for (i = 0; i < core.c_nseg; i++)
int val;
struct ptrace_user u;
struct trad_core_struct *rawptr;
- size_t amt;
flagword flags;
val = bfd_read (&u, sizeof u, abfd);
/* Allocate both the upage and the struct core_data at once, so
a single free() will free them both. */
- amt = sizeof (struct trad_core_struct);
- rawptr = (struct trad_core_struct *) bfd_zalloc (abfd, amt);
+ rawptr = bfd_alloc (abfd, sizeof (*rawptr) + 1);
if (rawptr == NULL)
return 0;
rawptr->u = u; /*Copy the uarea into the tdata part of the bfd */
+ /* Ensure core_file_failing_command string is terminated. This is
+ just to stop buffer overflows on fuzzed files. */
+ ((char *) rawptr)[sizeof (*rawptr)] = 0;
+
/* Create the sections. */
flags = SEC_ALLOC + SEC_LOAD + SEC_HAS_CONTENTS;
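Review bot: Replacing `bfd_zalloc` with `bfd_alloc` at `rawptr = bfd_alloc (abfd, sizeof (*rawptr) + 1);` drops zero-initialisation of `struct trad_core_struct`; only `u` (via `rawptr->u = u`) and the sentinel byte are written here, so any other members of that struct (its definition is not on the page) hold indeterminate values until later code assigns them. If an early return between this allocation and those assignments leaves tdata attached to the bfd, a later reader sees garbage rather than NULL; confirm the failure path releases tdata first, or keep the zeroed allocation with `rawptr = bfd_zalloc (abfd, sizeof (*rawptr) + 1);`, which also makes the explicit sentinel store redundant. The trad-core hunk at the bottom of the page makes the identical substitution and has the same question. The enclosing function begins above the visible lines.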
#else
size = sizeof (core.new_dump);
#endif
- tmpptr = (char *) bfd_zalloc (abfd, (bfd_size_type) size);
+ tmpptr = bfd_alloc (abfd, size + 1);
if (!tmpptr)
return NULL;
/* Copy core file header. */
memcpy (tmpptr, &core, size);
+ /* Ensure core_file_failing_command string is terminated. This is
+ just to stop buffer overflows on fuzzed files. */
+ tmpptr[size] = 0;
set_tdata (abfd, tmpptr);
/* Set architecture. */
int val;
struct user u;
struct trad_core_struct *rawptr;
- size_t amt;
flagword flags;
#ifdef TRAD_CORE_USER_OFFSET
/* Allocate both the upage and the struct core_data at once, so
a single free() will free them both. */
- amt = sizeof (struct trad_core_struct);
- rawptr = (struct trad_core_struct *) bfd_zmalloc (amt);
+ rawptr = bfd_alloc (abfd, sizeof (*rawptr) + 1);
if (rawptr == NULL)
return 0;
rawptr->u = u; /*Copy the uarea into the tdata part of the bfd */
+ /* Ensure core_file_failing_command string is terminated. This is
+ just to stop buffer overflows on fuzzed files. */
+ ((char *) rawptr)[sizeof (*rawptr)] = 0;
+
/* Create the sections. */
flags = SEC_ALLOC + SEC_LOAD + SEC_HAS_CONTENTS;