From: H.J. Lu
To: binutils-cvs@sourceware.org
Subject: [binutils-gdb] bfd_mmap_local: Check offset and size
X-Act-Checkin: binutils-gdb
X-Git-Author: H.J. Lu
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 360d244b24e84c50f2c6054908cfafb370a1f13c
X-Git-Newrev: 0ffdc37b98964477e70bfd63ca28f374193dcdb2
Message-Id: <20240404223623.8F6003858C33@sourceware.org>
Date: Thu, 4 Apr 2024 22:36:23 +0000 (GMT)

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0ffdc37b98964477e70bfd63ca28f374193dcdb2

commit 0ffdc37b98964477e70bfd63ca28f374193dcdb2
Author: H.J. Lu
Date:   Thu Apr 4 06:37:18 2024 -0700

    bfd_mmap_local: Check offset and size

    Update bfd_mmap_local to return NULL if filesize < offset or
    filesize - offset < rsize.

            * libbfd.c (bfd_mmap_local): Validate offset and size
            against the file size.

Diff:
--- bfd/libbfd.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/bfd/libbfd.c b/bfd/libbfd.c index 5126ee207a8..86366e496c5 100644 --- a/bfd/libbfd.c +++ b/bfd/libbfd.c
@@ -1072,18 +1072,15 @@ static void * bfd_mmap_local (bfd *abfd, size_t rsize, int prot, void **map_addr, size_t *map_size) { - if (!_bfd_constant_p (rsize)) + ufile_ptr filesize =3D bfd_get_file_size (abfd); + ufile_ptr offset =3D bfd_tell (abfd); + if (filesize < offset || filesize - offset < rsize) { - ufile_ptr filesize =3D bfd_get_file_size (abfd); - if (filesize !=3D 0 && rsize > filesize) - { - bfd_set_error (bfd_error_file_truncated); - return NULL; - } + bfd_set_error (bfd_error_file_truncated); + return NULL; } =20 void *mem; - ufile_ptr offset =3D bfd_tell (abfd); mem =3D bfd_mmap (abfd, NULL, rsize, prot, MAP_PRIVATE, offset, map_addr, map_size); return mem;
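
Review bot: The new condition at the top of bfd_mmap_local, `filesize < offset || filesize - offset < rsize`, no longer carries the `filesize != 0` guard that the removed block had, so a 0 result from bfd_get_file_size now fails every request with rsize > 0 and reports bfd_error_file_truncated. If 0 can still stand for an unknown size on this path, keep the guard, for example `if (filesize != 0 && (filesize < offset || filesize - offset < rsize))`; if it cannot, the commit message should say why the guard is safe to drop. Comparing `filesize - offset < rsize` only after `filesize < offset` has been ruled out is the right order, since it avoids both the unsigned underflow and a wrapping `offset + rsize`; a one-line comment above the check saying so would keep it from being rearranged later. The check also runs on every call now that the `_bfd_constant_p (rsize)` test is removed, which the ChangeLog entry does not mention.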