Fix possible unbounded stack use in peXXigen.c

* peXXigen.c (_bfd_XXi_write_codeview_record): Fix possible
	unbounded stack use.
Nick Clifton 2016-03-22 10:37:42 +00:00
parent 9780e04507
commit 7769fa97a0
2 changed files with 12 additions and 5 deletions


@ -1,5 +1,8 @@
2016-03-22 Nick Clifton <nickc@redhat.com> 2016-03-22 Nick Clifton <nickc@redhat.com>
* peXXigen.c (_bfd_XXi_write_codeview_record): Fix possible
unbounded stack use.
* warning.m4 (GCC_WARN_CFLAGS): Only add -Wstack-usage if using a * warning.m4 (GCC_WARN_CFLAGS): Only add -Wstack-usage if using a
sufficiently recent version of GCC. sufficiently recent version of GCC.
* configure: Regenerate. * configure: Regenerate.


@ -62,6 +62,7 @@
#include "libbfd.h" #include "libbfd.h"
#include "coff/internal.h" #include "coff/internal.h"
#include "bfdver.h" #include "bfdver.h"
#include "libiberty.h"
#ifdef HAVE_WCHAR_H #ifdef HAVE_WCHAR_H
#include <wchar.h> #include <wchar.h>
#endif #endif
@ -1195,13 +1196,15 @@ _bfd_XXi_slurp_codeview_record (bfd * abfd, file_ptr where, unsigned long length
unsigned int unsigned int
_bfd_XXi_write_codeview_record (bfd * abfd, file_ptr where, CODEVIEW_INFO *cvinfo) _bfd_XXi_write_codeview_record (bfd * abfd, file_ptr where, CODEVIEW_INFO *cvinfo)
{ {
unsigned int size = sizeof (CV_INFO_PDB70) + 1; const bfd_size_type size = sizeof (CV_INFO_PDB70) + 1;
bfd_size_type written;
CV_INFO_PDB70 *cvinfo70; CV_INFO_PDB70 *cvinfo70;
char buffer[size]; char * buffer;
if (bfd_seek (abfd, where, SEEK_SET) != 0) if (bfd_seek (abfd, where, SEEK_SET) != 0)
return 0; return 0;
buffer = xmalloc (size);
cvinfo70 = (CV_INFO_PDB70 *) buffer; cvinfo70 = (CV_INFO_PDB70 *) buffer;
H_PUT_32 (abfd, CVINFO_PDB70_CVSIGNATURE, cvinfo70->CvSignature); H_PUT_32 (abfd, CVINFO_PDB70_CVSIGNATURE, cvinfo70->CvSignature);
@ -1215,10 +1218,11 @@ _bfd_XXi_write_codeview_record (bfd * abfd, file_ptr where, CODEVIEW_INFO *cvinf
H_PUT_32 (abfd, cvinfo->Age, cvinfo70->Age); H_PUT_32 (abfd, cvinfo->Age, cvinfo70->Age);
cvinfo70->PdbFileName[0] = '\0'; cvinfo70->PdbFileName[0] = '\0';
if (bfd_bwrite (buffer, size, abfd) != size) written = bfd_bwrite (buffer, size, abfd);
return 0;
return size; free (buffer);
return written == size ? size : 0;
} }
static char * dir_names[IMAGE_NUMBEROF_DIRECTORY_ENTRIES] = static char * dir_names[IMAGE_NUMBEROF_DIRECTORY_ENTRIES] =
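Review bot: The `xmalloc` call added in `_bfd_XXi_write_codeview_record` terminates the process when allocation fails, whereas every other failure in this function is reported to the caller by returning 0. Because `size` is `sizeof (CV_INFO_PDB70) + 1`, a compile-time constant, a fixed array `char buffer[sizeof (CV_INFO_PDB70) + 1];` would bound the stack use with no heap allocation, no `free (buffer)` and, it appears, no need for the new `libiberty.h` include. If a heap buffer is preferred, `buffer = bfd_malloc (size); if (buffer == NULL) return 0;` keeps the existing error convention. The statements that fill in the signature fall between the two hunks and are not shown, so it cannot be confirmed here that every byte of the buffer is set before `bfd_bwrite`; zero-initialising it would keep stale memory out of the output file.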