/* coffgrok.c
- Copyright (C) 1994-2015 Free Software Foundation, Inc.
+ Copyright (C) 1994-2016 Free Software Foundation, Inc.
This file is part of GNU Binutils.
if (aux->x_sym.x_tagndx.p)
{
- unsigned int idx = INDEXOF (aux->x_sym.x_tagndx.p);
+ unsigned int idx;
+
+ /* PR 17512: file: e72f3988. */
+ if (aux->x_sym.x_tagndx.l < 0 || aux->x_sym.x_tagndx.p < rawsyms)
+ {
+ non_fatal (_("Invalid tag index %#lx encountered"), aux->x_sym.x_tagndx.l);
+ idx = 0;
+ }
+ else
+ idx = INDEXOF (aux->x_sym.x_tagndx.p);
if (idx >= rawcount)
{
++dimind;
ptr->type = coff_array_type;
- ptr->size = els * res->size;
+ /* PR 17512: file: ae1971e2.
+ Check for integer overflow. */
+ {
+ long long a, z;
+ a = els;
+ z = res->size;
+ a *= z;
+ ptr->size = (int) a;
+ if (ptr->size != a)
+ non_fatal (_("Out of range sum for els (%#x) * size (%#x)"), els, res->size);
+ }
ptr->u.array.dim = els;
ptr->u.array.array_of = res;
res = ptr;
if (!is->init)
{
is->low = s->where->offset;
- is->high = s->where->offset + s->type->size;
+ /* PR 17512: file: 37e7a80d.
+ Check for integer overflow computing low + size. */
+ {
+ long long a, z;
+
+ a = s->where->offset;
+ z = s->type->size;
+ a += z;
+ is->high = (int) a;
+ if (a != is->high)
+ non_fatal (_("Out of range sum for offset (%#x) + size (%#x)"),
+ is->low, s->type->size);
+ }
+ /* PR 17512: file: 37e7a80d. */
+ if (is->high < s->where->offset)
+ fatal (_("Out of range type size: %u"), s->type->size);
is->init = 1;
is->parent = s->where->section;
}
non_fatal (_("%s: is not a COFF format file"), bfd_get_filename (abfd));
return NULL;
}
-
+
storage = bfd_get_symtab_upper_bound (abfd);
if (storage < 0)
projects / deliverable / binutils-gdb.git / blobdiff