+2015-02-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * coffgrok.c (do_type): Check for an out of range tag index.
+ Check for integer overflow computing array dimension.
+ (do_define): Likewise.
+
2015-02-26 Andrew Burgess <andrew.burgess@embecosm.com>
* objcopy.c (init_section_add): Rename optarg to arg in order to
if (aux->x_sym.x_tagndx.p)
{
- unsigned int idx = INDEXOF (aux->x_sym.x_tagndx.p);
+ unsigned int idx;
+
+ /* PR 17512: file: e72f3988. */
+ if (aux->x_sym.x_tagndx.l < 0 || aux->x_sym.x_tagndx.p < rawsyms)
+ {
+ non_fatal (_("Invalid tag index %#lx encountered"), aux->x_sym.x_tagndx.l);
+ idx = 0;
+ }
+ else
+ idx = INDEXOF (aux->x_sym.x_tagndx.p);
if (idx >= rawcount)
{
++dimind;
ptr->type = coff_array_type;
- ptr->size = els * res->size;
+ /* PR 17512: file: ae1971e2.
+ Check for integer overflow. */
+ {
+ long long a, z;
+ a = els;
+ z = res->size;
+ a *= z;
+ ptr->size = (int) a;
+ if (ptr->size != a)
+ non_fatal (_("Out of range sum for els (%#x) * size (%#x)"), els, res->size);
+ }
ptr->u.array.dim = els;
ptr->u.array.array_of = res;
res = ptr;
if (!is->init)
{
is->low = s->where->offset;
- is->high = s->where->offset + s->type->size;
+ /* PR 17512: file: 37e7a80d.
+ Check for integer overflow computing low + size. */
+ {
+ long long a, z;
+
+ a = s->where->offset;
+ z = s->type->size;
+ a += z;
+ is->high = (int) a;
+ if (a != is->high)
+ non_fatal (_("Out of range sum for offset (%#x) + size (%#x)"),
+ is->low, s->type->size);
+ }
/* PR 17512: file: 37e7a80d. */
if (is->high < s->where->offset)
fatal (_("Out of range type size: %u"), s->type->size);
projects / external / binutils.git / commitdiff