This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
fix pr3704, srec_object_p vs archives
- From: Alan Modra <amodra at bigpond dot net dot au>
- To: binutils at sourceware dot org
- Date: Thu, 14 Dec 2006 13:27:35 +1030
- Subject: fix pr3704, srec_object_p vs archives
There is currently nothing to prevent bfd reading past the end of an
archive element into the header for the next archive element. With a
zero length element and cunningly devised filenames, it's possible to
fool srec_object_p into thinking that it has found an S-record file.
PR 3704
* bfdio.c (bfd_bread): Don't read past end of archive elements.
Index: bfd/bfdio.c
===================================================================
RCS file: /cvs/src/src/bfd/bfdio.c,v
retrieving revision 1.13
diff -u -p -r1.13 bfdio.c
--- bfd/bfdio.c 20 Nov 2006 02:09:56 -0000 1.13
+++ bfd/bfdio.c 14 Dec 2006 01:44:32 -0000
@@ -116,6 +116,15 @@ bfd_bread (void *ptr, bfd_size_type size
{
size_t nread;
+ /* If this is an archive element, don't read past the end of
+ this element. */
+ if (abfd->arelt_data != NULL)
+ {
+ size_t maxbytes = ((struct areltdata *) abfd->arelt_data)->parsed_size;
+ if (size > maxbytes)
+ size = maxbytes;
+ }
+
if ((abfd->flags & BFD_IN_MEMORY) != 0)
{
struct bfd_in_memory *bim;
--
Alan Modra
IBM OzLabs - Linux Technology Centre