- {
- bfd_vma payload_len;
- file_ptr section_start;
- bfd_vma namelen;
- char *prefix = WASM_SECTION_PREFIX;
- char *p;
- int ret;
-
- payload_len = wasm_read_leb128 (abfd, &error, &bytes_read, FALSE);
- if (error)
- goto error_return;
- section_start = bfd_tell (abfd);
- namelen = wasm_read_leb128 (abfd, &error, &bytes_read, FALSE);
- if (error || namelen > payload_len)
- goto error_return;
- name = bfd_zmalloc (namelen + strlen (prefix) + 1);
- if (! name)
- goto error_return;
- p = name;
- ret = sprintf (p, "%s", prefix);
- if (ret < 0 || (bfd_vma) ret != strlen (prefix))
- goto error_return;
- p += ret;
- if (bfd_bread (p, namelen, abfd) != namelen)
+ {
+ bfd_vma payload_len;
+ bfd_vma namelen;
+ char *name;
+ char *prefix = WASM_SECTION_PREFIX;
+ size_t prefixlen = strlen (prefix);
+ ufile_ptr filesize;
+
+ payload_len = wasm_read_leb128 (abfd, &error, &bytes_read, FALSE);
+ if (error)
+ goto error_return;
+ namelen = wasm_read_leb128 (abfd, &error, &bytes_read, FALSE);
+ if (error || bytes_read > payload_len
+ || namelen > payload_len - bytes_read)
+ goto error_return;
+ payload_len -= namelen + bytes_read;
+ filesize = bfd_get_file_size (abfd);
+ if (filesize != 0 && namelen > filesize)
+ {
+ bfd_set_error (bfd_error_file_truncated);
+ return FALSE;
+ }
+ name = bfd_alloc (abfd, namelen + prefixlen + 1);
+ if (!name)