authorYuriy M. Kaminskiy <yumkam@gmail.com>2015-08-04 16:51:53 +0100
committerNick Clifton <nickc@redhat.com>2015-08-04 16:51:53 +0100
commit7e27a9d5f22f9f7ead11738b1546d0b5c737266b (patch)
tree46bffdfecd821e8f439790cab4da495658777807 /bfd/ihex.c
parentFix memory leak in ar if it encounters an invalid path whilst extracting files. (diff)
Fix stack buffer overflows when parsing corrupt ihex files.
PR binutils/18750 * ihex.c (ihex_scan): Fixes incorrect escape sequence in error message and stack overflow when char is signed and \200-\376 was in place of hex digit; also fixes \377 was handled as EOF instead of "incorrect character". (ihex_read_section): Changed for consistency. (ihex_bad_byte): Prevent (now impossible to trigger) stack overflow and incorrect escape sequence handling. * srec.c (srec_bad_byte): Likewise. * readelf.c (process_mips_specific): Fix incorrect escape sequence handling.
Diffstat (limited to 'bfd/ihex.c')
-rw-r--r--bfd/ihex.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/bfd/ihex.c b/bfd/ihex.c
index 8e663726eee..38112f6e0d0 100644
--- a/bfd/ihex.c
+++ b/bfd/ihex.c
@@ -219,7 +219,7 @@ ihex_bad_byte (bfd *abfd, unsigned int lineno, int c, bfd_boolean error)
char buf[10];
if (! ISPRINT (c))
- sprintf (buf, "\\%03o", (unsigned int) c);
+ sprintf (buf, "\\%03o", (unsigned int) c & 0xff);
else
{
buf[0] = c;
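Review bot: The `sprintf` into `char buf[10]` is still unbounded, so the new `& 0xff` mask is the only thing limiting the octal escape to three digits. Without the mask, a negative `c` (a sign-extended byte) converts to a large unsigned value and, with a 32-bit `unsigned int`, prints eleven octal digits, which does not fit in the buffer. Stating the bound at the call would keep the write safe even if the mask is later dropped: `snprintf (buf, sizeof buf, "\\%03o", (unsigned int) c & 0xff);`. A short comment above the call, such as `/* Mask to one byte: C may be a sign-extended char.  */`, would also record why the mask is there. The rest of ihex_bad_byte lies outside the hunk.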
@@ -276,7 +276,7 @@ ihex_scan (bfd *abfd)
else
{
file_ptr pos;
- char hdr[8];
+ unsigned char hdr[8];
unsigned int i;
unsigned int len;
bfd_vma addr;
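Review bot: Nothing at the `unsigned char hdr[8];` declaration says that the signedness matters, so a later cleanup could change it back to plain `char` and reintroduce the bug. Per the commit message, bytes \200-\376 in a hex-digit position were mishandled when `char` is signed; the code that reads `hdr` is outside this hunk, so the exact use is not visible here. I would add `/* Must be unsigned: bytes >= 0x80 must not sign-extend when used as hex digits.  */` above the declaration, here and at the identical declaration in ihex_read_section (the third hunk). A regression test that feeds a record with bytes >= 0x80 in the header would pin the behaviour.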
@@ -553,7 +553,7 @@ ihex_read_section (bfd *abfd, asection *section, bfd_byte *contents)
error = FALSE;
while ((c = ihex_get_byte (abfd, &error)) != EOF)
{
- char hdr[8];
+ unsigned char hdr[8];
unsigned int len;
unsigned int type;
unsigned int i;