PR25961, buffer overflow in coff_swap_aux_in

[deliverable/binutils-gdb.git] / bfd / pef.c

diff --git a/bfd/pef.c b/bfd/pef.c
index 574d9bcb5d6361b8002e28945efc75a7cdf347a6..4e749e1949789946e540420920be43a940d5118d 100644 (file)
--- a/bfd/pef.c
+++ b/bfd/pef.c
@@ -446,14 +446,15 @@ bfd_pef_print_loader_section (bfd *abfd, FILE *file)
     return -1;
 
   loaderlen = loadersec->size;
-  loaderbuf = bfd_malloc (loaderlen);
+  if (loaderlen < 56)
+    return -1;
+  if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) != 0)
+    return -1;
+  loaderbuf = _bfd_malloc_and_read (abfd, loaderlen, loaderlen);
   if (loaderbuf == NULL)
     return -1;
 
-  if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) < 0
-      || bfd_bread ((void *) loaderbuf, loaderlen, abfd) != loaderlen
-      || loaderlen < 56
-      || bfd_pef_parse_loader_header (abfd, loaderbuf, 56, &header) < 0)
+  if (bfd_pef_parse_loader_header (abfd, loaderbuf, 56, &header) < 0)
     {
       free (loaderbuf);
       return -1;
@@ -479,17 +480,14 @@ bfd_pef_scan_start_address (bfd *abfd)
     goto end;
 
   loaderlen = loadersec->size;
-  loaderbuf = bfd_malloc (loaderlen);
-  if (loaderbuf == NULL)
-    goto end;
-
-  if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) < 0)
+  if (loaderlen < 56)
     goto error;
-  if (bfd_bread ((void *) loaderbuf, loaderlen, abfd) != loaderlen)
+  if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) != 0)
     goto error;
-
-  if (loaderlen < 56)
+  loaderbuf = _bfd_malloc_and_read (abfd, loaderlen, loaderlen);
+  if (loaderbuf == NULL)
     goto error;
+
   ret = bfd_pef_parse_loader_header (abfd, loaderbuf, 56, &header);
   if (ret < 0)
     goto error;
@@ -591,7 +589,7 @@ bfd_pef_read_header (bfd *abfd, bfd_pef_header *header)
   return 0;
 }
 
-static const bfd_target *
+static bfd_cleanup
 bfd_pef_object_p (bfd *abfd)
 {
   bfd_pef_header header;
@@ -610,7 +608,7 @@ bfd_pef_object_p (bfd *abfd)
   if (bfd_pef_scan (abfd, &header, mdata))
     goto wrong;
 
-  return abfd->xvec;
+  return _bfd_no_cleanup;
 
  wrong:
   bfd_set_error (bfd_error_wrong_format);
@@ -903,12 +901,10 @@ bfd_pef_parse_symbols (bfd *abfd, asymbol **csym)
   if (codesec != NULL)
     {
       codelen = codesec->size;
-      codebuf = bfd_malloc (codelen);
-      if (codebuf == NULL)
-       goto end;
-      if (bfd_seek (abfd, codesec->filepos, SEEK_SET) < 0)
+      if (bfd_seek (abfd, codesec->filepos, SEEK_SET) != 0)
        goto end;
-      if (bfd_bread ((void *) codebuf, codelen, abfd) != codelen)
+      codebuf = _bfd_malloc_and_read (abfd, codelen, codelen);
+      if (codebuf == NULL)
        goto end;
     }
 
@@ -916,12 +912,10 @@ bfd_pef_parse_symbols (bfd *abfd, asymbol **csym)
   if (loadersec != NULL)
     {
       loaderlen = loadersec->size;
-      loaderbuf = bfd_malloc (loaderlen);
-      if (loaderbuf == NULL)
+      if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) != 0)
        goto end;
-      if (bfd_seek (abfd, loadersec->filepos, SEEK_SET) < 0)
-       goto end;
-      if (bfd_bread ((void *) loaderbuf, loaderlen, abfd) != loaderlen)
+      loaderbuf = _bfd_malloc_and_read (abfd, loaderlen, loaderlen);
+      if (loaderbuf == NULL)
        goto end;
     }
 
@@ -1132,7 +1126,7 @@ bfd_pef_xlib_scan (bfd *abfd, bfd_pef_xlib_header *header)
   return 0;
 }
 
-static const bfd_target *
+static bfd_cleanup
 bfd_pef_xlib_object_p (bfd *abfd)
 {
   bfd_pef_xlib_header header;
@@ -1157,7 +1151,7 @@ bfd_pef_xlib_object_p (bfd *abfd)
       return NULL;
     }
 
-  return abfd->xvec;
+  return _bfd_no_cleanup;
 }
 
 const bfd_target pef_xlib_vec =