Fix seg-fault in linker when passed a bogus input script.

	PR ld/20906
	* ldlex.l: Check for bogus strings in linker scripts.

diff --git a/ld/ChangeLog b/ld/ChangeLog
index 3529834..19e94e9 100644 (file)
--- a/ld/ChangeLog
+++ b/ld/ChangeLog
@@ -1,3 +1,8 @@
+2016-12-05  Nick Clifton  <nickc@redhat.com>
+
+       PR ld/20906
+       * ldlex.l: Check for bogus strings in linker scripts.
+
 2016-12-05  Alyssa Milburn <amilburn@zall.org>
 
        * testsuite/ld-sparc/wdispcall.s: New file.

diff --git a/ld/ldlex.l b/ld/ldlex.l
index e1394a0..cd21c58 100644 (file)
--- a/ld/ldlex.l
+++ b/ld/ldlex.l
@@ -415,9 +415,15 @@ V_IDENTIFIER [*?.$_a-zA-Z\[\]\-\!\^\\]([*?.$_a-zA-Z0-9\[\]\-\!\^\\]|::)*
 
 <EXPRESSION,BOTH,SCRIPT,VERS_NODE,INPUTLIST>"\""[^\"]*"\"" {
                                        /* No matter the state, quotes
-                                          give what's inside */
+                                          give what's inside.  */
+                                       bfd_size_type len;
                                        yylval.name = xstrdup (yytext + 1);
-                                       yylval.name[yyleng - 2] = 0;
+                                       /* PR ld/20906.  A corrupt input file
+                                          can contain bogus strings.  */
+                                       len = strlen (yylval.name);
+                                       if (len > yyleng - 2)
+                                         len = yyleng - 2;
+                                       yylval.name[len] = 0;
                                        return NAME;
                                }
 <BOTH,SCRIPT,EXPRESSION>"\n"           { lineno++;}