From: Alan Modra <amodra@gmail.com>
Date: Mon, 23 Mar 2020 10:50:54 +0000 (+1030)
Subject: i386msdos uninitialised read
X-Git-Url: http://git.efficios.com/?a=commitdiff_plain;h=5e737279c6e832a757f0326128e5a5f96fbdd291;p=deliverable%2Fbinutils-gdb.git

i386msdos uninitialised read

Also reinstate ld i386aout for i386-msdos target, which doesn't build
otherwise.

bfd/
	* i386msdos.c (msdos_object_p): Don't access e_lfanew when that
	field hasn't been read.  Remove unnecessary casts.
ld/
	* Makefile.am (ALL_EMULATION_SOURCES): Reinstate ei386aout.c.
	Include ei386aout dep file.
	* Makefile.in: Regenerate.
	* po/BLD-POTFILES.in: Regenerate.
---

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 2e0abc8359..c513ebd753 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2020-03-23  Alan Modra  <amodra@gmail.com>
+
+	* i386msdos.c (msdos_object_p): Don't access e_lfanew when that
+	field hasn't been read.  Remove unnecessary casts.
+
 2020-03-22  Alan Modra  <amodra@gmail.com>
 
 	* coff64-rs6000.c (xcoff64_slurp_armap): Ensure size is large
diff --git a/bfd/i386msdos.c b/bfd/i386msdos.c
index 5b56751cd3..e9307a7a42 100644
--- a/bfd/i386msdos.c
+++ b/bfd/i386msdos.c
@@ -47,10 +47,10 @@ msdos_object_p (bfd *abfd)
   struct external_DOS_hdr hdr;
   bfd_byte buffer[2];
   asection *section;
-  unsigned int size;
+  bfd_size_type size;
 
   if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0
-      || bfd_bread (&hdr, (bfd_size_type) sizeof (hdr), abfd) < DOS_HDR_SIZE)
+      || (size = bfd_bread (&hdr, sizeof (hdr), abfd)) < DOS_HDR_SIZE)
     {
       if (bfd_get_error () != bfd_error_system_call)
 	bfd_set_error (bfd_error_wrong_format);
@@ -67,9 +67,11 @@ msdos_object_p (bfd *abfd)
      e_lfanew field will be valid and point to a header beginning with one of
      the relevant signatures.  If not, e_lfanew might point to anything, so
      don't bail if we can't read there.  */
-  if (H_GET_16 (abfd, hdr.e_cparhdr) < 4
-      || bfd_seek (abfd, (file_ptr) H_GET_32 (abfd, hdr.e_lfanew), SEEK_SET) != 0
-      || bfd_bread (buffer, (bfd_size_type) 2, abfd) != 2)
+  if (size < offsetof (struct external_DOS_hdr, e_lfanew) + 4
+      || H_GET_16 (abfd, hdr.e_cparhdr) < 4)
+    ;
+  else if (bfd_seek (abfd, H_GET_32 (abfd, hdr.e_lfanew), SEEK_SET) != 0
+	   || bfd_bread (buffer, (bfd_size_type) 2, abfd) != 2)
     {
       if (bfd_get_error () == bfd_error_system_call)
 	return NULL;
@@ -102,7 +104,7 @@ msdos_object_p (bfd *abfd)
   size += H_GET_16 (abfd, hdr.e_cblp);
 
   /* Check that the size is valid.  */
-  if (bfd_seek (abfd, (file_ptr) (section->filepos + size), SEEK_SET) != 0)
+  if (bfd_seek (abfd, section->filepos + size, SEEK_SET) != 0)
     {
       if (bfd_get_error () != bfd_error_system_call)
 	bfd_set_error (bfd_error_wrong_format);
diff --git a/ld/ChangeLog b/ld/ChangeLog
index 16c8b8b069..12efa1117f 100644
--- a/ld/ChangeLog
+++ b/ld/ChangeLog
@@ -1,3 +1,10 @@
+2020-03-23  Alan Modra  <amodra@gmail.com>
+
+	* Makefile.am (ALL_EMULATION_SOURCES): Reinstate ei386aout.c.
+	Include ei386aout dep file.
+	* Makefile.in: Regenerate.
+	* po/BLD-POTFILES.in: Regenerate.
+
 2020-03-20  H.J. Lu  <hongjiu.lu@intel.com>
 
 	* testsuite/ld-plugin/lto.exp (lto_link_tests): Run PR ld/25355
diff --git a/ld/Makefile.am b/ld/Makefile.am
index 4a9b8404b7..a64899fc09 100644
--- a/ld/Makefile.am
+++ b/ld/Makefile.am
@@ -312,6 +312,7 @@ ALL_EMULATION_SOURCES = \
 	ehppalinux.c \
 	ehppanbsd.c \
 	ehppaobsd.c \
+	ei386aout.c \
 	ei386beos.c \
 	ei386bsd.c \
 	ei386go32.c \
@@ -800,6 +801,7 @@ $(ALL_EMULATION_SOURCES) $(ALL_64_EMULATION_SOURCES): $(GEN_DEPENDS)
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ehppalinux.Pc@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ehppanbsd.Pc@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ehppaobsd.Pc@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386aout.Pc@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386beos.Pc@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386bsd.Pc@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386go32.Pc@am__quote@
diff --git a/ld/Makefile.in b/ld/Makefile.in
index 46d9b14077..b34455b1f8 100644
--- a/ld/Makefile.in
+++ b/ld/Makefile.in
@@ -802,6 +802,7 @@ ALL_EMULATION_SOURCES = \
 	ehppalinux.c \
 	ehppanbsd.c \
 	ehppaobsd.c \
+	ei386aout.c \
 	ei386beos.c \
 	ei386bsd.c \
 	ei386go32.c \
@@ -1418,6 +1419,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ehppalinux.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ehppanbsd.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ehppaobsd.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386aout.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386beos.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386bsd.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386go32.Po@am__quote@
@@ -2404,6 +2406,7 @@ $(ALL_EMULATION_SOURCES) $(ALL_64_EMULATION_SOURCES): $(GEN_DEPENDS)
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ehppalinux.Pc@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ehppanbsd.Pc@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ehppaobsd.Pc@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386aout.Pc@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386beos.Pc@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386bsd.Pc@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ei386go32.Pc@am__quote@
diff --git a/ld/po/BLD-POTFILES.in b/ld/po/BLD-POTFILES.in
index 3157480c6f..70f5ea9fa4 100644
--- a/ld/po/BLD-POTFILES.in
+++ b/ld/po/BLD-POTFILES.in
@@ -222,6 +222,7 @@ ehppaelf.c
 ehppalinux.c
 ehppanbsd.c
 ehppaobsd.c
+ei386aout.c
 ei386beos.c
 ei386bsd.c
 ei386go32.c