/* Read in a COFF object and make it into a BFD. This is used by
ECOFF as well. */
-const bfd_target *
+bfd_cleanup
coff_real_object_p (bfd *,
unsigned,
struct internal_filehdr *,
struct internal_aouthdr *);
-const bfd_target *
+bfd_cleanup
coff_real_object_p (bfd *abfd,
unsigned nscns,
struct internal_filehdr *internal_f,
}
_bfd_coff_free_symbols (abfd);
- return abfd->xvec;
+ return _bfd_no_cleanup;
fail:
_bfd_coff_free_symbols (abfd);
abfd->tdata.any = tdata_save;
abfd->flags = oflags;
abfd->start_address = ostart;
- return (const bfd_target *) NULL;
+ return NULL;
}
/* Turn a COFF file into a BFD, but fail with bfd_error_wrong_format if it is
not a COFF file. This is also used by ECOFF. */
-const bfd_target *
+bfd_cleanup
coff_object_p (bfd *abfd)
{
bfd_size_type filhsz;
size_t symesz;
size_t size;
void * syms;
- ufile_ptr filesize;
if (obj_coff_external_syms (abfd) != NULL)
return TRUE;
- /* Check for integer overflow and for unreasonable symbol counts. */
- filesize = bfd_get_file_size (abfd);
symesz = bfd_coff_symesz (abfd);
- if (_bfd_mul_overflow (obj_raw_syment_count (abfd), symesz, &size)
- || (filesize != 0 && size > filesize))
+ if (_bfd_mul_overflow (obj_raw_syment_count (abfd), symesz, &size))
{
bfd_set_error (bfd_error_file_truncated);
- _bfd_error_handler (_("%pB: corrupt symbol count: %#" PRIx64 ""),
- abfd, (uint64_t) obj_raw_syment_count (abfd));
return FALSE;
}
symbol_ptr = internal_ptr;
internal_ptr->is_sym = TRUE;
+ /* PR 17512: Prevent buffer overrun. */
+ if (symbol_ptr->u.syment.n_numaux > (raw_end - raw_src) / symesz)
+ {
+ bfd_release (abfd, internal);
+ return NULL;
+ }
+
for (i = 0;
i < symbol_ptr->u.syment.n_numaux;
i++)
internal_ptr++;
raw_src += symesz;
- /* PR 17512: Prevent buffer overrun. */
- if (raw_src >= raw_end || internal_ptr >= internal_end)
- {
- bfd_release (abfd, internal);
- return NULL;
- }
-
bfd_coff_swap_aux_in (abfd, (void *) raw_src,
symbol_ptr->u.syment.n_type,
symbol_ptr->u.syment.n_sclass,