]> git.ipfire.org Git - thirdparty/binutils-gdb.git/commitdiff
projects / thirdparty / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3f0c336)
Proper bound check in _bfd_doprnt_scan
authorAlan Modra <amodra@gmail.com>
Sun, 5 Nov 2017 09:22:13 +0000 (19:52 +1030)
committerAlan Modra <amodra@gmail.com>
Sun, 5 Nov 2017 11:31:56 +0000 (22:01 +1030)
While an abort after storing out of bounds by one to an array in our
caller is probably OK in practice, it's better to check before storing.

PR 22397
* bfd.c (_bfd_doprnt_scan): Check args index before storing, not
after.

(cherry picked from commit 26a9301057457ae576b51b8127bb805b4e484a6b)

bfd/ChangeLog patch | blob | blame | history
bfd/bfd.c patch | blob | blame | history

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 3ddb1dce7364ba7768c7ee5d29dce16bed60d874..4ad3675763aea164e02b46967951b82c22e7d32d 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-11-05  Alan Modra  <amodra@gmail.com>
+
+       PR 22397
+       * bfd.c (_bfd_doprnt_scan): Check args index before storing, not
+       after.
+
 2017-11-05  Alan Modra  <amodra@gmail.com>
 
        PR 22397
diff --git a/bfd/bfd.c b/bfd/bfd.c
index 0bec897240c6142858e983f48ccfd9e07f69d393..3e882297e02cdd4dda77dd3c95caacb8150dd5d7 100644 (file)
--- a/bfd/bfd.c
+++ b/bfd/bfd.c
@@ -959,10 +959,10 @@ _bfd_doprnt_scan (const char *format, union _bfd_doprnt_args *args)
                  arg_index = *ptr - '1';
                  ptr += 2;
                }
+             if (arg_index >= 9)
+               abort ();
              args[arg_index].type = Int;
              arg_count++;
-             if (arg_count > 9)
-               abort ();
            }
          else
            /* Handle explicit numeric value.  */
@@ -984,10 +984,10 @@ _bfd_doprnt_scan (const char *format, union _bfd_doprnt_args *args)
                      arg_index = *ptr - '1';
                      ptr += 2;
                    }
+                 if (arg_index >= 9)
+                   abort ();
                  args[arg_index].type = Int;
                  arg_count++;
-                 if (arg_count > 9)
-                   abort ();
                }
              else
                /* Handle explicit numeric value.  */
@@ -1017,6 +1017,8 @@ _bfd_doprnt_scan (const char *format, union _bfd_doprnt_args *args)
          if ((int) arg_no < 0)
            arg_no = arg_count;
 
+         if (arg_no >= 9)
+           abort ();
          switch (ptr[-1])
            {
            case 'd':
@@ -1085,8 +1087,6 @@ _bfd_doprnt_scan (const char *format, union _bfd_doprnt_args *args)
              abort();
            }
          arg_count++;
-         if (arg_count > 9)
-           abort ();
        }
     }
 
A mirror of the official binutils-gdb repository