From: Nick Clifton <nickc@redhat.com>
Date: Fri, 30 Jun 2023 10:18:42 +0000 (+0100)
Subject: Prevent an illegal memory access when running the strings program with an excessively... 
X-Git-Tag: binutils-2_41~97
X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fbinutils-gdb.git;a=commitdiff_plain;h=0d1cd7d97835941c046dbb7ec1c83bc7c05779e6

Prevent an illegal memory access when running the strings program with an excessively lerge minimum string length.

  PR 30595
  * strings.c (main): Check for an excessively large minimum string length.
---

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index bb58bc4c5d5..f06aba238bb 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2023-06-30  Nick Clifton  <nickc@redhat.com>
+
+	PR 30595
+	* strings.c (main): Check for an excessively large minimum string
+	length.
+
 2023-06-21  Nick Clifton  <nickc@redhat.com>
 
 	* testsuite/lib/binutils-common.exp (prune_warnings_extra): Prune
diff --git a/binutils/strings.c b/binutils/strings.c
index e2c1ead6bfd..f7214fc1228 100644
--- a/binutils/strings.c
+++ b/binutils/strings.c
@@ -315,8 +315,14 @@ main (int argc, char **argv)
       if (s != NULL && *s != 0)
 	fatal (_("invalid integer argument %s"), argv[numeric_opt - 1] + 1);
     }
+
   if (string_min < 1)
     fatal (_("invalid minimum string length %d"), string_min);
+  /* PR 30595: Look for excessive minimum string lengths.
+     The "(4 * string_min) + 1" is because this is the value
+     used to allocate space in print_unicode_stream().  */
+  else if (string_min == -1U || ((4 * string_min) + 1) == 0)
+    fatal (_("minimum string length %#x is too big"), string_min);
 
   switch (encoding)
     {