binutils/binutils-CVE-2019-9075.patch

74 lines
2.3 KiB
Diff

diff -rup binutils.orig/bfd/archive64.c binutils-2.31.1/bfd/archive64.c
--- binutils.orig/bfd/archive64.c 2019-02-26 11:17:11.882530151 +0000
+++ binutils-2.31.1/bfd/archive64.c 2019-02-26 11:19:18.422488805 +0000
@@ -100,8 +100,6 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
return FALSE;
carsyms = ardata->symdefs;
stringbase = ((char *) ardata->symdefs) + carsym_size;
- stringbase[stringsize] = 0;
- stringend = stringbase + stringsize;
raw_armap = (bfd_byte *) bfd_alloc (abfd, ptrsize);
if (raw_armap == NULL)
@@ -115,15 +113,17 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
goto release_raw_armap;
}
+ stringend = stringbase + stringsize;
+ *stringend = 0;
for (i = 0; i < nsymz; i++)
{
carsyms->file_offset = bfd_getb64 (raw_armap + i * 8);
carsyms->name = stringbase;
- if (stringbase < stringend)
- stringbase += strlen (stringbase) + 1;
+ stringbase += strlen (stringbase);
+ if (stringbase != stringend)
+ ++stringbase;
++carsyms;
}
- *stringbase = '\0';
ardata->symdef_count = nsymz;
ardata->first_file_filepos = bfd_tell (abfd);
diff -rup binutils.orig/bfd/archive.c binutils-2.31.1/bfd/archive.c
--- binutils.orig/bfd/archive.c 2019-02-26 11:17:11.884530134 +0000
+++ binutils-2.31.1/bfd/archive.c 2019-02-26 11:18:33.354859687 +0000
@@ -1014,6 +1014,7 @@ do_slurp_coff_armap (bfd *abfd)
int *raw_armap, *rawptr;
struct artdata *ardata = bfd_ardata (abfd);
char *stringbase;
+ char *stringend;
bfd_size_type stringsize;
bfd_size_type parsed_size;
carsym *carsyms;
@@ -1073,22 +1074,20 @@ do_slurp_coff_armap (bfd *abfd)
}
/* OK, build the carsyms. */
- for (i = 0; i < nsymz && stringsize > 0; i++)
+ stringend = stringbase + stringsize;
+ *stringend = 0;
+ for (i = 0; i < nsymz; i++)
{
bfd_size_type len;
rawptr = raw_armap + i;
carsyms->file_offset = swap ((bfd_byte *) rawptr);
carsyms->name = stringbase;
- /* PR 17512: file: 4a1d50c1. */
- len = strnlen (stringbase, stringsize);
- if (len < stringsize)
- len ++;
- stringbase += len;
- stringsize -= len;
+ stringbase += strlen (stringbase);
+ if (stringbase != stringend)
+ ++stringbase;
carsyms++;
}
- *stringbase = 0;
ardata->symdef_count = nsymz;
ardata->first_file_filepos = bfd_tell (abfd);