While an abort after storing out of bounds by one to an array in our
caller is probably OK in practice, it's better to check before storing.
PR 22397
* bfd.c (_bfd_doprnt_scan): Check args index before storing, not
after.
2017-11-05 Alan Modra <amodra@gmail.com>
PR 22397
+ * bfd.c (_bfd_doprnt_scan): Check args index before storing, not
+ after.
+
+2017-11-05 Alan Modra <amodra@gmail.com>
+
+ PR 22397
* bfd.c (union _bfd_doprnt_args): New.
(PRINT_TYPE): Add FIELD arg. Take value from args.
(_bfd_doprnt): Replace ap parameter with args. Adjust all
arg_index = *ptr - '1';
ptr += 2;
}
+ if (arg_index >= 9)
+ abort ();
args[arg_index].type = Int;
arg_count++;
- if (arg_count > 9)
- abort ();
}
else
/* Handle explicit numeric value. */
arg_index = *ptr - '1';
ptr += 2;
}
+ if (arg_index >= 9)
+ abort ();
args[arg_index].type = Int;
arg_count++;
- if (arg_count > 9)
- abort ();
}
else
/* Handle explicit numeric value. */
if ((int) arg_no < 0)
arg_no = arg_count;
+ if (arg_no >= 9)
+ abort ();
switch (ptr[-1])
{
case 'd':
abort();
}
arg_count++;
- if (arg_count > 9)
- abort ();
}
}
projects / external / binutils.git / commitdiff