Fix an (almost) infinite loop in the tekhex parser.

PR binutils/17512 * tekhex.c (first_phase): Check that the section range is sane.
author: Nick Clifton <nickc@redhat.com> 2014-10-31 18:00:55 +0000
committer: Nick Clifton <nickc@redhat.com> 2014-10-31 18:00:55 +0000
commit: 690725fa0d98ae52c991f4b3ea58b6b47b4fbc80 (patch)
tree: bf814edbe98ad8ecce2cec83644efe9b8af7acf0 /bfd/tekhex.c
parent: Avoid allocating over-large buffers when parsing corrupt binaries. (diff)
download: binutils-gdb-690725fa0d98ae52c991f4b3ea58b6b47b4fbc80.tar.gz
binutils-gdb-690725fa0d98ae52c991f4b3ea58b6b47b4fbc80.tar.bz2
binutils-gdb-690725fa0d98ae52c991f4b3ea58b6b47b4fbc80.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/bfd/tekhex.c b/bfd/tekhex.c
index 2220d50c1e6..85f55931c3f 100644
--- a/bfd/tekhex.c
+++ b/bfd/tekhex.c
@@ -403,6 +403,9 @@ first_phase (bfd *abfd, int type, char *src)
 	      if (!getvalue (&src, &val))
 		return FALSE;
 	      section->size = val - section->vma;
+	      /* PR binutils/17512: Make sure that the size is sane.  */
+	      if (section->size > (bfd_size_type) bfd_get_size (abfd))
+		return FALSE;
 	      section->flags = SEC_HAS_CONTENTS | SEC_LOAD | SEC_ALLOC;
 	      break;
 	    case '0':
author	Nick Clifton <nickc@redhat.com>	2014-10-31 18:00:55 +0000
committer	Nick Clifton <nickc@redhat.com>	2014-10-31 18:00:55 +0000
commit	690725fa0d98ae52c991f4b3ea58b6b47b4fbc80 (patch)
tree	bf814edbe98ad8ecce2cec83644efe9b8af7acf0 /bfd/tekhex.c
parent	Avoid allocating over-large buffers when parsing corrupt binaries. (diff)
download	binutils-gdb-690725fa0d98ae52c991f4b3ea58b6b47b4fbc80.tar.gz binutils-gdb-690725fa0d98ae52c991f4b3ea58b6b47b4fbc80.tar.bz2 binutils-gdb-690725fa0d98ae52c991f4b3ea58b6b47b4fbc80.zip