From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 37379 invoked by alias); 2 Mar 2020 01:01:28 -0000 Mailing-List: contact binutils-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: binutils-owner@sourceware.org Received: (qmail 37367 invoked by uid 89); 2 Mar 2020 01:01:27 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-23.3 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=3147, endless X-HELO: mail-pj1-f46.google.com Received: from mail-pj1-f46.google.com (HELO mail-pj1-f46.google.com) (209.85.216.46) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 02 Mar 2020 01:01:26 +0000 Received: by mail-pj1-f46.google.com with SMTP id dw13so3675490pjb.4 for ; Sun, 01 Mar 2020 17:01:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:subject:message-id:mime-version:content-disposition :user-agent; bh=ETIh3qY1ySGY4qaU+f4H1w0md9ktO8AOrKfxHPLlgX8=; b=uSXzIPJlndTmrfc8IeKSdVXsCvpBhwgW+QZKS3d9yvnReyyg49KuhljBzDL8OR9rKA VOzWhWOkev6a0c7L96bs9YG7boWl8B63U84G3kaWxm5ot0XVIuZj3kzdvIyPfw6CZMLj iP2SbaWKuVtq9zD8JoHq/oWeLl6G6ZzHxc8hARqaTP7m5PwaSaxsBq0EHzZpx/CPrxeb bcuvbm2p/quJ7oU22xNVCWnnPWbdc98MJ92Cf72qXJOSty58wuvpEArb77SXm+ODIrxX h5lIVxvjPbvVgWJPou9bsyu3bqbupk4N0jFWQd8nwkGlRKbwBT8iHntLC2saC9GBSl/m 8qAg== Return-Path: Received: from bubble.grove.modra.org (158.106.96.58.static.exetel.com.au. [58.96.106.158]) by smtp.gmail.com with ESMTPSA id z30sm18613040pff.131.2020.03.01.17.01.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 01 Mar 2020 17:01:24 -0800 (PST) Received: by bubble.grove.modra.org (Postfix, from userid 1000) id A779380490; Mon, 2 Mar 2020 11:31:20 +1030 (ACDT) Date: Mon, 02 Mar 2020 01:01:00 -0000 From: Alan Modra To: binutils@sourceware.org Subject: alpha-vms: prevent endless recursion Message-ID: <20200302010120.GC5384@bubble.grove.modra.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.9.4 (2018-02-28) X-IsSubscribed: yes X-SW-Source: 2020-03/txt/msg00003.txt * vms-lib.c (vms_traverse_index): Add recur_count param and update calls. Fail on excessive recursion. diff --git a/bfd/vms-lib.c b/bfd/vms-lib.c index 65fd70a720..66a40bc91c 100644 --- a/bfd/vms-lib.c +++ b/bfd/vms-lib.c @@ -242,7 +242,8 @@ vms_write_block (bfd *abfd, unsigned int vbn, void *blk) If the entry is indirect, recurse. */ static bfd_boolean -vms_traverse_index (bfd *abfd, unsigned int vbn, struct carsym_mem *cs) +vms_traverse_index (bfd *abfd, unsigned int vbn, struct carsym_mem *cs, + unsigned int recur_count) { struct vms_indexdef indexdef; file_ptr off; @@ -250,6 +251,12 @@ vms_traverse_index (bfd *abfd, unsigned int vbn, struct carsym_mem *cs) unsigned char *endp; unsigned int n; + if (recur_count == 100) + { + bfd_set_error (bfd_error_bad_value); + return FALSE; + } + /* Read the index block. */ BFD_ASSERT (sizeof (indexdef) == VMS_BLOCK_SIZE); if (!vms_read_block (abfd, vbn, &indexdef)) @@ -307,7 +314,7 @@ vms_traverse_index (bfd *abfd, unsigned int vbn, struct carsym_mem *cs) if (idx_off == RFADEF__C_INDEX) { /* Indirect entry. Recurse. */ - if (!vms_traverse_index (abfd, idx_vbn, cs)) + if (!vms_traverse_index (abfd, idx_vbn, cs, recur_count + 1)) return FALSE; } else @@ -454,7 +461,7 @@ vms_lib_read_index (bfd *abfd, int idx, unsigned int *nbrel) /* Note: if the index is empty, there is no block to traverse. */ vbn = bfd_getl32 (idd.vbn); - if (vbn != 0 && !vms_traverse_index (abfd, vbn, &csm)) + if (vbn != 0 && !vms_traverse_index (abfd, vbn, &csm, 0)) { if (csm.realloced) free (csm.idx); -- Alan Modra Australia Development Lab, IBM