projects / deliverable / binutils-gdb.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
PR 6844
[deliverable/binutils-gdb.git] / bfd / srec.c
diff --git a/bfd/srec.c b/bfd/srec.c
index a5f588c231e99c811e3f5d8990900f5218745541..b7d515ccb9ec60e1919d9ff354bf942df9a29a75 100644 (file)
--- a/bfd/srec.c
+++ b/bfd/srec.c
@@ -428,6 +428,11 @@ srec_scan (bfd *abfd)
                  symval <<= 4;
                  symval += NIBBLE (c);
                  c = srec_get_byte (abfd, &error);
+                 if (c == EOF)
+                   {
+                     srec_bad_byte (abfd, lineno, c, error);
+                     goto error_return;
+                   }
                }
 
              if (! srec_new_symbol (abfd, symname, symval))
@@ -453,6 +458,7 @@ srec_scan (bfd *abfd)
            unsigned int bytes;
            bfd_vma address;
            bfd_byte *data;
+           unsigned char check_sum;
 
            /* Starting an S-record.  */
 
@@ -471,7 +477,7 @@ srec_scan (bfd *abfd)
                goto error_return;
              }
 
-           bytes = HEX (hdr + 1);
+           check_sum = bytes = HEX (hdr + 1);
            if (bytes * 2 > bufsize)
              {
                if (buf != NULL)
@@ -500,18 +506,22 @@ srec_scan (bfd *abfd)
                break;
 
              case '3':
+               check_sum += HEX (data);
                address = HEX (data);
                data += 2;
                --bytes;
                /* Fall through.  */
              case '2':
+               check_sum += HEX (data);
                address = (address << 8) | HEX (data);
                data += 2;
                --bytes;
                /* Fall through.  */
              case '1':
+               check_sum += HEX (data);
                address = (address << 8) | HEX (data);
                data += 2;
+               check_sum += HEX (data);
                address = (address << 8) | HEX (data);
                data += 2;
                bytes -= 2;
@@ -543,25 +553,56 @@ srec_scan (bfd *abfd)
                    sec->size = bytes;
                    sec->filepos = pos;
                  }
+
+               while (bytes > 0)
+                 {
+                   check_sum += HEX (data);
+                   data += 2;
+                   bytes--;
+                 }
+               check_sum = 255 - (check_sum & 0xff);
+               if (check_sum != HEX (data))
+                 {
+                   (*_bfd_error_handler)
+                     (_("%B:%d: Bad checksum in S-record file\n"),
+                      abfd, lineno);
+                   bfd_set_error (bfd_error_bad_value);
+                   goto error_return;
+                 }
+
                break;
 
              case '7':
+               check_sum += HEX (data);
                address = HEX (data);
                data += 2;
                /* Fall through.  */
              case '8':
+               check_sum += HEX (data);
                address = (address << 8) | HEX (data);
                data += 2;
                /* Fall through.  */
              case '9':
+               check_sum += HEX (data);
                address = (address << 8) | HEX (data);
                data += 2;
+               check_sum += HEX (data);
                address = (address << 8) | HEX (data);
                data += 2;
 
                /* This is a termination record.  */
                abfd->start_address = address;
 
+               check_sum = 255 - (check_sum & 0xff);
+               if (check_sum != HEX (data))
+                 {
+                   (*_bfd_error_handler)
+                     (_("%B:%d: Bad checksum in S-record file\n"),
+                      abfd, lineno);
+                   bfd_set_error (bfd_error_bad_value);
+                   goto error_return;
+                 }
+
                if (buf != NULL)
                  free (buf);
 
@@ -781,10 +822,20 @@ srec_get_section_contents (bfd *abfd,
                           file_ptr offset,
                           bfd_size_type count)
 {
+  if (count == 0)
+    return TRUE;
+
+  if (offset + count < count
+      || offset + count > section->size)
+    {
+      bfd_set_error (bfd_error_invalid_operation);
+      return FALSE;
+    }
+
   if (section->used_by_bfd == NULL)
     {
       section->used_by_bfd = bfd_alloc (abfd, section->size);
-      if (section->used_by_bfd == NULL && section->size != 0)
+      if (section->used_by_bfd == NULL)
        return FALSE;
 
       if (! srec_read_section (abfd, section, section->used_by_bfd))
GDB Binutils - Deliverables
This page took 0.024889 seconds and 4 git commands to generate.