From 7769fa97a0fe54a9455a9d96970373dbbf714458 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Tue, 22 Mar 2016 10:37:42 +0000 Subject: [PATCH] Fix possible unbounded stack use in peXXigen.c * peXXigen.c (_bfd_XXi_write_codeview_record): Fix possible unbounded stack use. --- bfd/ChangeLog | 3 +++ bfd/peXXigen.c | 14 +++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 6e393a3216..a34bc4663b 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,5 +1,8 @@ 2016-03-22 Nick Clifton + * peXXigen.c (_bfd_XXi_write_codeview_record): Fix possible + unbounded stack use. + * warning.m4 (GCC_WARN_CFLAGS): Only add -Wstack-usage if using a sufficiently recent version of GCC. * configure: Regenerate. diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c index b80f981c25..c92c1eaf5c 100644 --- a/bfd/peXXigen.c +++ b/bfd/peXXigen.c @@ -62,6 +62,7 @@ #include "libbfd.h" #include "coff/internal.h" #include "bfdver.h" +#include "libiberty.h" #ifdef HAVE_WCHAR_H #include #endif @@ -1195,13 +1196,15 @@ _bfd_XXi_slurp_codeview_record (bfd * abfd, file_ptr where, unsigned long length unsigned int _bfd_XXi_write_codeview_record (bfd * abfd, file_ptr where, CODEVIEW_INFO *cvinfo) { - unsigned int size = sizeof (CV_INFO_PDB70) + 1; + const bfd_size_type size = sizeof (CV_INFO_PDB70) + 1; + bfd_size_type written; CV_INFO_PDB70 *cvinfo70; - char buffer[size]; + char * buffer; if (bfd_seek (abfd, where, SEEK_SET) != 0) return 0; + buffer = xmalloc (size); cvinfo70 = (CV_INFO_PDB70 *) buffer; H_PUT_32 (abfd, CVINFO_PDB70_CVSIGNATURE, cvinfo70->CvSignature); @@ -1215,10 +1218,11 @@ _bfd_XXi_write_codeview_record (bfd * abfd, file_ptr where, CODEVIEW_INFO *cvinf H_PUT_32 (abfd, cvinfo->Age, cvinfo70->Age); cvinfo70->PdbFileName[0] = '\0'; - if (bfd_bwrite (buffer, size, abfd) != size) - return 0; + written = bfd_bwrite (buffer, size, abfd); - return size; + free (buffer); + + return written == size ? size : 0; } static char * dir_names[IMAGE_NUMBEROF_DIRECTORY_ENTRIES] =