summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlan Modra <amodra@bigpond.net.au>2007-07-26 12:34:43 +0000
committerAlan Modra <amodra@bigpond.net.au>2007-07-26 12:34:43 +0000
commit64ce13c75dd0e4f9deea0f5fc9466d73cb06ffcf (patch)
treebbe22cb6fff49f6ffe969b411d29a17df1f4661b
parent820e488d729b201b7cc548c8f2277b363dc4e4b0 (diff)
downloadbinutils-redhat-64ce13c75dd0e4f9deea0f5fc9466d73cb06ffcf.tar.gz
* srec.c (srec_get_section_contents): Return immediately on
count zero. Check that offset and count are within section. * libbfd.c (_bfd_generic_get_section_contents): Check that offset + count does not overflow.
-rw-r--r--bfd/ChangeLog5
-rw-r--r--bfd/libbfd.c3
-rw-r--r--bfd/srec.c12
3 files changed, 18 insertions, 2 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 9bef708ab1..19a7c49b4c 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,10 @@
2007-07-26 Alan Modra <amodra@bigpond.net.au>
+ * srec.c (srec_get_section_contents): Return immediately on
+ count zero. Check that offset and count are within section.
+ * libbfd.c (_bfd_generic_get_section_contents): Check that
+ offset + count does not overflow.
+
* srec.c (srec_canonicalize_symtab): Don't alloc when symcount
is zero. Correct return value on error.
* mmo.c (mmo_canonicalize_symtab): Likewise.
diff --git a/bfd/libbfd.c b/bfd/libbfd.c
index 33d9c017ab..bf49a2e1db 100644
--- a/bfd/libbfd.c
+++ b/bfd/libbfd.c
@@ -820,7 +820,8 @@ _bfd_generic_get_section_contents (bfd *abfd,
return TRUE;
sz = section->rawsize ? section->rawsize : section->size;
- if (offset + count > sz)
+ if (offset + count < count
+ || offset + count > sz)
{
bfd_set_error (bfd_error_invalid_operation);
return FALSE;
diff --git a/bfd/srec.c b/bfd/srec.c
index a5f588c231..ebb039bba3 100644
--- a/bfd/srec.c
+++ b/bfd/srec.c
@@ -781,10 +781,20 @@ srec_get_section_contents (bfd *abfd,
file_ptr offset,
bfd_size_type count)
{
+ if (count == 0)
+ return TRUE;
+
+ if (offset + count < count
+ || offset + count > section->size)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return FALSE;
+ }
+
if (section->used_by_bfd == NULL)
{
section->used_by_bfd = bfd_alloc (abfd, section->size);
- if (section->used_by_bfd == NULL && section->size != 0)
+ if (section->used_by_bfd == NULL)
return FALSE;
if (! srec_read_section (abfd, section, section->used_by_bfd))