mirror/binutils-gdb
2
0
Fork 0
mirror of https://sourceware.org/git/binutils-gdb.git synced 2025-01-18 12:24:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix address violations when reading corrupt VMS records.

Browse Source 
PR binutils/21618
	* vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
	length.
	(evax_bfd_print_eeom): Likewise.
	(evax_bfd_print_egsd): Check for an overlarge record length.
	(evax_bfd_print_etir): Likewise.
This commit is contained in:
Nick Clifton 2017-06-19 14:52:36 +01:00
parent 0f6d864de2
commit bc21b167eb
2 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
bfd/ChangeLog
View File

@ -1,3 +1,12 @@
2017-06-19 Nick Clifton <nickc@redhat.com>
PR binutils/21618
* vms-alpha.c (evax_bfd_print_emh): Check for insufficient record
length.
(evax_bfd_print_eeom): Likewise.
(evax_bfd_print_egsd): Check for an overlarge record length.
(evax_bfd_print_etir): Likewise.
2017-06-19 Nick Clifton <nickc@redhat.com>
PR binutils/21612

27
bfd/vms-alpha.c
View File

@ -5634,6 +5634,13 @@ evax_bfd_print_emh (FILE *file, unsigned char *rec, unsigned int rec_len)
/* xgettext:c-format */
fprintf (file, _(" EMH %u (len=%u): "), subtype, rec_len);
/* PR 21618: Check for invalid lengths. */
if (rec_len < sizeof (* emh))
{
fprintf (file, _(" Error: The length is less than the length of an EMH record\n"));
return;
}
switch (subtype)
{
case EMH__C_MHD:
@ -5697,6 +5704,14 @@ evax_bfd_print_eeom (FILE *file, unsigned char *rec, unsigned int rec_len)
struct vms_eeom *eeom = (struct vms_eeom *)rec;
fprintf (file, _(" EEOM (len=%u):\n"), rec_len);
/* PR 21618: Check for invalid lengths. */
if (rec_len < sizeof (* eeom))
{
fprintf (file, _(" Error: The length is less than the length of an EEOM record\n"));
return;
}
fprintf (file, _(" number of cond linkage pairs: %u\n"),
(unsigned)bfd_getl32 (eeom->total_lps));
fprintf (file, _(" completion code: %u\n"),
@ -5786,6 +5801,12 @@ evax_bfd_print_egsd (FILE *file, unsigned char *rec, unsigned int rec_len)
n, type, len);
n++;
if (off + len > rec_len || off + len < off)
{
fprintf (file, _(" Error: length larger than remaining space in record\n"));
return;
}
switch (type)
{
case EGSD__C_PSC:
@ -6031,6 +6052,12 @@ evax_bfd_print_etir (FILE *file, const char *name,
size = bfd_getl16 (etir->size);
buf = rec + off + sizeof (struct vms_etir);
if (off + size > rec_len || off + size < off)
{
fprintf (file, _(" Error: length larger than remaining space in record\n"));
return;
}
/* xgettext:c-format */
fprintf (file, _(" (type: %3u, size: 4+%3u): "), type, size - 4);
switch (type)